Google Chrome < 6.0.472.53 Multiple Vulnerabilities

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by multiple
vulnerabilities.

Description :

The version of Google Chrome installed on the remote host is earlier
than 6.0.472.53. It is therefore reportedly affected by multiple
vulnerabilities :

- It is possible to bypass the pop-up blocker with a blank
frame target. (Issue #34414)

- It is possible to visually spoof the URL bar with
homographic sequences. (Issue #37201)

- Restrictions on setting clipboard content are not strict
enough. (Issue #41654)

- A stale pointer exists with SVG filters. (Issue #45659)

- It may be possible to enumerate installed extensions.
(Issue #45876)

- An unspecified vulnerability in WebSockets could lead
to a browser NULL crash. (Issue #46750, #51846)

- A use-after-free error exists in the Notifications
presenter. (Issue #50386)

- An unspecified memory corruption issue exists in
Notification permissions. (Issue #50839)

- Multiple unspecified integer errors exist in WebSockets.
(Issue #51360, #51739)

- A memory corruption issue exists with counter nodes.
(Issue #51653)

- Chrome may store an excessive amount of autocomplete
entries. (Issue #51727)

- A stale pointer exists in focus handling. (Issue #52443)

- A Sandbox parameter deserialization error exists.
(Issue #52682)

- An unspecified cross-origin image theft issue exists.
(Issue #53001)

See also :

http://www.nessus.org/u?799b5a8f

Solution :

Upgrade to Google Chrome 6.0.472.53 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true
