Google Chrome < 34.0.1847.116 Multiple Vulnerabilities

High

Synopsis

The remote host is running an outdated web browser that contains multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote host is a version prior to 34.0.1847.116, and is thus affected by the following vulnerabilities:

- use-after-free error exists in the included Flash version that could lead to arbitrary code execution. (CVE-2014-0506)

- A buffer overflow error exists in the included Flash version that could lead to arbitrary code execution. (CVE-2014-0507)

- An unspecified error exists in the included Flash version that could allow a security bypass leading to information disclosure. (CVE-2014-0508)

- An unspecified error exists in the included Flash version that could allow cross-site scripting attacks. (CVE-2014-0509)

- An input-validation error exists that could allow universal cross-site scripting (UXSS) attacks. (CVE-2014-1716)

- An unspecified out-of-bounds access error exists related to the V8 JavaScript engine. (CVE-2014-1717)

- An integer overflow error exists related to the compositor. (CVE-2014-1718)

- Use-after-free errors exist related to web workers, DOM processing, rendering, speech handling and forms handling. (CVE-2014-1719, CVE-2014-1720, CVE-2014-1722, CVE-2014-1724, CVE-2014-1727)

- An unspecified memory corruption error exists related to the V8 JavaScript engine. (CVE-2014-1721)

- An URL confusion error exists related to handling RTL characters. (CVE-2014-1723)

- An out-of-bounds read error exists related to handling 'window property' processing. (CVE-2014-1725)

- An unspecified error exists that could allow local cross-origin bypasses. (CVE-2014-1726)

- Various, unspecified memory handling errors exist. (CVE-2014-1728)

- Various, unspecified errors exist related to the V8 JavaScript engine. (CVE-2014-1729)

Solution

Updates are available. Linux users should upgrade to 34.0.1847.116 or later.