Google Chrome < 5.0.375.127 Multiple Vulnerabilities

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by multiple
vulnerabilities.

Description :

The version of Google Chrome installed on the remote host is earlier
than 5.0.375.127. Such versions are reportedly affected by multiple
vulnerabilities :

- A memory corruption vulnerability exists with the file
dialog. (Issue #45400)

- A memory corruption vulnerability exists when
processing SVG files. (Issue #49596)

- A vulnerability exists due to a bad cast with text
editing. (Issue #49628)

- A vulnerability exists that possibly allows address
bar spoofing via a history bug. (Issue #49964)

- A memory corruption vulnerability exists in MIME type
handling. (Issue #50515, #51835)

- A vulnerability exists due to a crash on shutdown via a
notifications bug. (Issue #50553)

- A vulnerability can be triggered in omnibox autosuggest
if the user may be going to type a password.
(Issue #51146)

- A memory corruption vulnerability exists in ruby
support. (Issue #51654)

- A memory corruption vulnerability exists in Geolocation
support. (Issue #51670)

See also :

http://www.nessus.org/u?82e215b9

Solution :

Upgrade to Google Chrome 5.0.375.127 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 48383 (google_chrome_5_0_375_127.nasl)

Bugtraq ID: 42571
44199
44200
44201
44203

CVE ID: CVE-2010-3112
CVE-2010-3113
CVE-2010-3114
CVE-2010-3115
CVE-2010-3116
CVE-2010-3117
CVE-2010-3118
CVE-2010-3119
CVE-2010-3120

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now