Google Chrome < 13.0.782.215 Multiple Vulnerabilities

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by multiple
vulnerabilities.

Description :

The version of Google Chrome installed on the remote host is earlier
than 13.0.782.215 and is potentially affected by several
vulnerabilities:

- An unspecified error related to command line URL
parsing exists. (Issue #72492)

- Use-after-free errors related to line box handling,
counter nodes, custom fonts, and text searching.
(Issue #82552, #88216, #88670, #90668)

- A double-free error related to libxml XPath handling
exists. (Issue #89402)

- An error related to empty origins exists that can allow
cross-domain violation. (Issue #87453)

- A memory corruption error exists related to vertex
handling. (Issue #89836)

- An out-of-bounds write error exists in the v8
JavaScript engine. (Issue #91517)

- An integer overrun error exists in the handling of
uniform arrays. (Issue #91598)

See also :

http://www.zerodayinitiative.com/advisories/ZDI-12-054/
http://www.nessus.org/u?4ab50493

Solution :

Upgrade to Google Chrome 13.0.782.215 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now