Google Chrome for Android < 36.0.1985.122 Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 8341

Synopsis

The remote mobile host was detected using an outdated version of Google Chrome.

Description

Versions of Google Chrome for Android earlier than 36.0.1985.122 are unpatched for the following security issues:

- Omnibox URL spoofing (CVE-2014-3159)

- Same-origin-policy bypass (CVE-2014-3161)

Solution

Upgrade to Google Chrome 36.0.1985.122 or later from the Google Play app store.

Plugin Details

Severity: Medium

ID: 8341

Family: Mobile Devices

Published: 7/17/2014

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 5.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 7/16/2014

Vulnerability Publication Date: 7/16/2014

Reference Information

CVE: CVE-2014-3159, CVE-2014-3161

BID: 68679

Detections

Analytics

Google Chrome for Android < 36.0.1985.122 Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 8341

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

VPR

CVSS v2

CVSS v3

Vulnerability Information

Reference Information