Google Chrome < 11.0.696.57 Multiple Vulnerabilities

This script is Copyright (C) 2011-2017 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by multiple
vulnerabilities.

Description :

The version of Google Chrome installed on the remote host is earlier
than 11.0.696.57. Such versions of Chrome are affected by multiple
vulnerabilities:

- A stale pointer exists in floating object handling.
(Issue #61502)

- It may be possible to bypass the pop-up blocker via
plug-ins. (Issue #70538)

- There is a lack of thread safety in MIME handling.
(Issue #71586)

- A bad extension with 'tabs' permission can capture local
files. (Issue #72523)

- Multiple integer overflows exist in float rendering.
(Issue #73526)

- A same origin policy violation exists with blobs.
(Issue #74653)

- A use-after-free error exists with <ruby> tags and CSS.
(Issue #75186)

- A bad cast exists with floating select lists.
(Issue #75347)

- Corrupt node trees exist with mutation events.
(Issue #75801)

- Multiple stale pointers exist in layering code.
(Issue #76001)

- An out-of-bounds read exists in SVG. (Issue #76646)

- It is possible to spoof the URL bar with navigation
errors and interrupted loads. (Issue #76666, #77507,
#78031)

- A stale pointer exists in drop-down list handling.
(Issue #76966)

- A stale pointer exists in height calculations.
(Issue #77130)

- A use-after-free error exists in WebSockets.
(Issue #77346)

- Multiple dandling pointers exist in file dialogs.
(Issue #77349)

- Multiple dangling pointers exist in DOM id map.
(Issue #77463)

- It is possible to spoof the URL bar with redirect and
manual reload. (Issue #77786)

- A use-after-free issue exists in DOM id handling.
(Issue #79199)

- An out-of-bounds read exists when handling
multipart-encoded PDFs. (Issue #79361)

- Multiple stale pointers exist with PDF forms.
(Issue #79364)

See also :

http://www.nessus.org/u?5cd0fc79

Solution :

Upgrade to Google Chrome 11.0.696.57 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true