Google Chrome < 15.0.874.102 Multiple Vulnerabilities

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by multiple
vulnerabilities.

Description :

The version of Google Chrome installed on the remote host is earlier
than 15.0.874.102. It is therefore potentially affected by the
following vulnerabilities :

- Several URL bar spoofing errors exist related to
history handling and drag-and-drop of URLs.
(CVE-2011-2845, CVE-2011-3875)

- Whitespace is stripped from the end of download
filenames. (CVE-2011-3876)

- A cross-site scripting issue exists related to the
'appcache' internals page. (CVE-2011-3877)

- A race condition exists related to worker process
initialization. (CVE-2011-3878)

- An error exists related to redirection to 'chrome
scheme' URIs. (CVE-2011-3879)

- Unspecified special characters may be used as
delimiters in HTTP headers. (CVE-2011-3880)

- Several cross-origin policy violation issues exist.
(CVE-2011-3881)

- Several use-after-free errors exist related to media
buffer handling, counter handling, stale styles,
plugins and editing, and video source handling.
(CVE-2011-3882, CVE-2011-3883, CVE-2011-3885,
CVE-2011-3888, CVE-2011-3890)

- Timing issues exist related to DOM traversal.
(CVE-2011-3884)

- An out-of-bounds write error exists in the V8
JavaScript engine. (CVE-2011-3886)

- Cookie theft is possible via JavaScript URIs.
(CVE-2011-3887)

- A heap overflow issue exists related to Web Audio.
(CVE-2011-3889)

- Functions internal to the V8 JavaScript engine are
exposed. (CVE-2011-3891)

See also :

http://www.nessus.org/u?614d8eb8

Solution :

Upgrade to Google Chrome 15.0.874.102 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true
