Google Chrome < 14.0.835.163 Multiple Vulnerabilities

This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by multiple
vulnerabilities.

Description :

The version of Google Chrome installed on the remote host is earlier
than 14.0.835.163 and is affected by multiple vulnerabilities:

- A race condition exists related to the certificate
cache. (Issue #49377)

- The Windows Media Player plugin allows click-free
access to the system Flash. (Issue #51464)

- MIME types are not treated authoritatively at plugin
load time. (Issue #75070)

- An unspecified error allows V8 script object wrappers
to crash. (Issue #76771)

- The included PDF functionality contains a garbage
collection error. (Issue #78639)

- Out-of-bounds read issues exist related to media
buffers, mp3 files, box handling, Khmer characters,
video handling, Tibetan characters, and triangle
arrays. (Issues #82438, #85041, #89991, #90134, #90173,
#95563, #95625)

- An unspecified error allows data displayed in the URL
to be spoofed. (Issue #83031)

- Use-after-free errors exist related to unload event
handling, the document loader, plugin handling, ruby,
table style handling, and the focus controller.
(Issues #89219, #89330, #91197, #92651, #94800, #93420,
#93587)

- The URL bar can be spoofed in an unspecified manner
related to the forward button. (Issue #89564)

- A NULL pointer error exists related to WebSockets.
(Issue #89795)

- An off-by-one error exists related to the V8 JavaScript
engine. (Issue #91120)

- A stale node error exists related to CSS stylesheet
handling. (Issue #92959)

- A cross-origin bypass error exists related to the V8
JavaScript engine. (Issue #93416)

- A double-free error exists related to XPath handling
in libxml. (Issue #93472)

- Incorrect permissions are assigned to non-gallery
pages. (Issue #93497)

- An improper string read occurs in the included PDF
functionality. (Issue #93596)

- An unspecified error allows unintended access to
objects built in to the V8 JavaScript engine.
(Issue #93906)

- Self-signed certificates are not pinned properly.
(Issue #95917)

- A variable-type confusion issue exists in the V8
JavaScript engine related to object sealing.
(Issue #95920)

See also :

http://www.nessus.org/u?5ce99226

Solution :

Upgrade to Google Chrome 14.0.835.163 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true