Google Chrome < 35.0.1916.114 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 8263

Synopsis

The remote host is running an outdated web browser that contains multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote host is a version prior to 35.0.1916.114 and is thus missing fixes for multiple vulnerabilities, some of which include:

- Use-after-free vulnerabilities in styles and SVG that may be leveraged by a context-dependent attacker to dereference freed memory and execute arbitrary code (CVE-2014-1743, CVE-2014-1746)

- Integer overflow vulnerability due to improper audio file validation, which may be leveraged by an attacker to cause a buffer overflow resulting in arbitrary code execution (CVE-2014-1744)

- An out-of-bounds read issue when handling media filters, which can be leveraged to cause a crash and/or potentially disclose memory contents (CVE-2014-1746)

- A universal cross-site scripting attack due to insufficient validation when handling local MHTML files (CVE-2014-1747)

- A UI spoofing flaw which can be leveraged by a context-dependent attacker to paint a scroll corner larger than the iframe it is attached to, potentially allowing for clickjacking attacks (CVE-2014-1748)

- An update to Google V8 engine, which in version 3.25.28.16 fixes an integer underflow vulnerability that could otherwise be leveraged for arbitrary code execution (CVE-2014-3152)

- A vulnerability in Blink's 'SpeechInput' speech recongition feature, which may be exploited for information disclosure in conjunction with clickjacking; the feature has since been disabled (CVE-2014-3803)

- Other miscellaneous vulnerabilities undisclosed by the vendor (CVE-2014-1749)

Solution

Update the Chrome browser to 35.0.1916.114 or later.

See Also

http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html,https://code.google.com/p/chromium/issues/detail?id=358057,https://code.google.com/p/chromium/issues/detail?id=374649

Plugin Details

Severity: High

ID: 8263

Family: Web Clients

Published: 5/22/2014

Updated: 3/6/2019

Nessus ID: 74122

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 5/20/2014

Vulnerability Publication Date: 5/20/2014

Reference Information

CVE: CVE-2014-1743

BID: 67517