Google Chrome < 12.0.742.91 Multiple Vulnerabilities

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by multiple
vulnerabilities.

Description :

The version of Google Chrome installed on the remote host is earlier
than 12.0.742.91. Such versions of Chrome are affected by multiple
vulnerabilities:

- Use-after-free errors exist in the handling of float
variables, accessibility functionality, developer
tools and an image loader. (Issues #73962, #79746,
#75496, #80358, #81949)

- An information disclosure vulnerability exists that
can leak browser history via CSS. (Issue #75643)

- An unspecified error exists related to handling
many form submissions. (Issue #76034)

- An unspecified extensions permissions bypass
vulnerability exists. (Issue #77026)

- An unspecified error in the extensions framework can
leave stale pointers behind. (Issue #78516).

- An unspecified error can lead to a read of an
uninitialized pointer. (Issue #79362)

- An extension can inject script into a new tab page or
into the browser chrome. (Issues #79862, #83010)

- An unspecified error exists which can corrupt memory
when the browser history is deleted. (Issue #81916)

- Errors exist that allow the same origin policy to be
bypassed in 'v8' and 'DOM'. (Issues #83275, #83743)

See also :

http://www.nessus.org/u?27ba5b5d

Solution :

Upgrade to Google Chrome 12.0.742.91 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now