Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Google Chrome < 34.0.1847.116 Multiple Vulnerabilities

High

Synopsis

The remote host is running an outdated web browser that contains multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote host is a version prior to 34.0.1847.116, and is thus affected by the following vulnerabilities :

- A use-after-free error exists in the included Flash version that could lead to arbitrary code execution. (CVE-2014-0506) - A buffer overflow error exists in the included Flash version that could lead to arbitrary code execution. (CVE-2014-0507) - An unspecified error exists in the included Flash version that could allow a security bypass leading to information disclosure. (CVE-2014-0508) - A flaw exists related to IPC message injection. Combined with another vulnerability that allows compromising a renderer, a context-dependent attacker can bypass sandbox restrictions. (2014-1709) - An unspecified error exists in the included Flash version that could allow cross-site scripting attacks. (CVE-2014-0509) - An input-validation error exists that could allow universal cross-site scripting (UXSS) attacks. (CVE-2014-1716) - An unspecified out-of-bounds access error exists related to the V8 JavaScript engine. (CVE-2014-1717) - An integer overflow error exists related to the compositor. (CVE-2014-1718) - Use-after-free errors exist related to web workers, DOM processing, rendering, speech handling and forms handling. (CVE-2014-1719, CVE-2014-1720, CVE-2014-1722, CVE-2014-1724, CVE-2014-1727) - An unspecified memory corruption error exists related to the V8 JavaScript engine. (CVE-2014-1721) - An URL confusion error exists related to handling RTL characters. (CVE-2014-1723) - An out-of-bounds read error exists related to handling 'window property' processing. (CVE-2014-1725) - An unspecified error exists that could allow local cross-origin bypasses. (CVE-2014-1726) - Various, unspecified memory handling errors exist. (CVE-2014-1728) - Various, unspecified errors exist related to the V8 JavaScript engine. (CVE-2014-1729)

Solution

Updates are available. Linux users should upgrade to 34.0.1847.116 or later.