Google Chrome < 10.0.648.127 Multiple Vulnerabilities

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by multiple
vulnerabilities.

Description :

The version of Google Chrome installed on the remote host is earlier
than 10.0.648.127. Such versions are reportedly affected by multiple
vulnerabilities :

- It may be possible to navigate or close the top location
in a sandboxed frame. (Issue #42574, #42765)

- A cross-origin error message leak exists. (Issue #69187)

- A memory corruption issue exists with counter nodes.
(Issue #69628)

- An unspecified issue exists with stale nodes in box
layout. (Issue #70027)

- A cross-origin error message leak exists with workers.
(Issue #70336)

- A use-after-free error exists with DOM URL handling.
(Issue #70442)

- A same origin policy bypass exists in v8. (Issue #70877)

- It may be possible to bypass the pop-up blocker.
(Issue #70885, #71167)

- A use-after-free error exists in document script
lifetime handling. (Issue #71763)

- An out-of-bounds write issue exists in the OGG
container. (Issue #71788)

- A stale pointer exists in table painting. (Issue #72028)

- A corrupt out-of-bounds structure may be used in video
code. (Issue #73026)

- It may be possible to crash the application with the
DataView object. (Issue #73066)

- A bad cast exists in text rendering. (Issue #73134)

- A stale pointer exists in the WebKit context code.
(Issue #73196)

- It may be possible for heap addresses to leak in XSLT.
(Issue #73716)

- A stale pointer exists with SVG cursors. (Issue #73746)

- It is possible for the DOM tree to be corrupted with
attribute handling. (Issue #74030)

- An unspecified corruption exists via re-entrancy of
RegExp code. (Issue #74662)

- An invalid memory access exists in v8. (Issue #74675)

See also :

http://www.nessus.org/u?903021a5

Solution :

Upgrade to Google Chrome 10.0.648.127 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false