Google Chrome < 8.0.552.215 Multiple Vulnerabilities

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by multiple
vulnerabilities.

Description :

The version of Google Chrome installed on the remote host is earlier
than 8.0.552.215. Such versions are reportedly affected by multiple
vulnerabilities :

- It may be possible to bypass the pop-up blocker.
(Issue #17655)

- A cross-origin video theft vulnerability exists related
to canvas. (Issue #55745)

- An unspecified crash exists when handling HTML5
databases. (Issue #56237)

- Excessive file dialogs could lead to a browser crash.
(Issue #58329)

- A use after free error exists in history handling.
(Issue #59554)

- It may be possible to crash the browser when performing
http proxy authentication. (Issue #61701)

- An out-of-bounds read regression exists in the WebM
video support. (Issue #61701)

- It may be possible to crash the browser due to bad
indexing with malformed video. (Issue #62127)

- A memory corruption issue exists relating to malicious
privileged extension. (Issue #62168)

- A use-after-free error exists in the handling of SVG
animations. (Issue #62401)

- A use-after-free error exists in the mouse dragging
event handling. (Issue #63051)

- A double free error exists in XPath handling.
(Issue #63444)

See also :

http://www.nessus.org/u?986a631f

Solution :

Upgrade to Google Chrome 8.0.552.215 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now