Google Chrome < 5.0.375.70 Multiple Vulnerabilities

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by multiple
vulnerabilities.

Description :

The version of Google Chrome installed on the remote host is earlier
than 5.0.375.70. As such, it is reportedly affected by multiple
vulnerabilities :

- A cross-origin keystroke redirection vulnerability.
(Issue #15766)

- A cross-origin bypass in DOM methods. (Issue #39985)

- A memory error exists in table layout. (Issue #42723)

- It is possible to escape the sandbox in Linux.
(Issue #43304)

- A stale pointer exists in bitmap. (Issue #43307)

- A memory corruption vulnerability exists in DOM node
normalization. (Issue #43315)

- A memory corruption vulnerability exists in text
transforms. (Issue #43487)

- A cross-site scripting vulnerability exists in the
innerHTML property of textarea. (Issue #43902)

- A memory corruption vulnerability exists in font
handling. (Issue #44740)

- Geolocation events fire after document deletion.
(Issue #44868)

- A memory corruption vulnerability exists in the
rendering of list markers. (Issue #44955)

See also :

http://www.nessus.org/u?6c406bbd

Solution :

Upgrade to Google Chrome 5.0.375.70 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now