Detections
Analytics

Google Chrome < 14.0.835.202 Multiple Vulnerabilities

high Log Correlation Engine Plugin ID 800905

Synopsis

The remote host contains a web browser that is vulnerable to multiple attack vectors.

Description

Versions of Google Chrome earlier than 14.0.835.202 are affected by multiple vulnerabilities :

- A use-after-free issue exists in text line box handling. (Issue 93788)

 - A stale font issue exists in SVG text handling. (Issue 95072)

 - An inappropriate cross-origin access to the window prototype exists. (Issue 95671)

 - Lifetime and threading issues exist in audio node handling. (Issue 96150)

 - A use-after-free issue exists in the v8 bindings. (Issues 97451, 97520, 97615)

 - A memory corruption issue exists in v8 hidden objects. (Issue 97784)

 - A memory corruption issue exists in the shader translator. (Issue 98089)

Solution

Upgrade to Google Chrome 14.0.835.202 or later.

See Also

googlechromereleases.blogspot.com/2011/10/stable-channel-update.html

Plugin Details

Severity: High

ID: 800905

Family: Web Clients

Published: 10/4/2011

Nessus ID: 56391

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Patch Publication Date: 10/4/2011

Vulnerability Publication Date: 10/4/2011

Reference Information

CVE: CVE-2011-2876, CVE-2011-2877, CVE-2011-2878, CVE-2011-2879, CVE-2011-2880, CVE-2011-2881, CVE-2011-3873

BID: 49938