icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Google Chrome < 34.0.1847.116 Multiple Vulnerabilities

High

Synopsis

The remote host is running an outdated web browser that contains multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote host is a version prior to 34.0.1847.116, and is thus affected by the following vulnerabilities:

- use-after-free error exists in the included Flash version that could lead to arbitrary code execution. (CVE-2014-0506)

- A buffer overflow error exists in the included Flash version that could lead to arbitrary code execution. (CVE-2014-0507)

- An unspecified error exists in the included Flash version that could allow a security bypass leading to information disclosure. (CVE-2014-0508)

- An unspecified error exists in the included Flash version that could allow cross-site scripting attacks. (CVE-2014-0509)

- An input-validation error exists that could allow universal cross-site scripting (UXSS) attacks. (CVE-2014-1716)

- An unspecified out-of-bounds access error exists related to the V8 JavaScript engine. (CVE-2014-1717)

- An integer overflow error exists related to the compositor. (CVE-2014-1718)

- Use-after-free errors exist related to web workers, DOM processing, rendering, speech handling and forms handling. (CVE-2014-1719, CVE-2014-1720, CVE-2014-1722, CVE-2014-1724, CVE-2014-1727)

- An unspecified memory corruption error exists related to the V8 JavaScript engine. (CVE-2014-1721)

- An URL confusion error exists related to handling RTL characters. (CVE-2014-1723)

- An out-of-bounds read error exists related to handling 'window property' processing. (CVE-2014-1725)

- An unspecified error exists that could allow local cross-origin bypasses. (CVE-2014-1726)

- Various, unspecified memory handling errors exist. (CVE-2014-1728)

- Various, unspecified errors exist related to the V8 JavaScript engine. (CVE-2014-1729)

Solution

Updates are available. Linux users should upgrade to 34.0.1847.116 or later.