Google Chrome < 17.0.963.56 Multiple Vulnerabilities

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by multiple
vulnerabilities.

Description :

The version of Google Chrome installed on the remote host is earlier
than 17.0.963.56 and is, therefore, affected by the following
vulnerabilities:

- Integer overflow errors exist related to PDF codecs and
libpng. (CVE-2011-3015, CVE-2011-3026)

- A read-after-free error exists related to 'counter
nodes'. (CVE-2011-3016)

- Use-after-free errors exist related to database
handling, subframe loading, and drag-and-drop
functionality. (CVE-2011-3017, CVE-2011-3021,
CVE-2011-3023)

- Heap-overflow errors exist related to path rendering and
'MKV' handling. (CVE-2011-3018, CVE-2011-3019)

- Unspecified errors exist related to the native
client validator and HTTP use with translation scripts.
(CVE-2011-3020, CVE-2011-3022)

- Empty x509 certificates can cause browser crashes.
(CVE-2011-3024)

- An out-of-bounds read error exists related to h.264
parsing. (CVE-2011-3025)

- A bad variable cast exists related to column handling.
(CVE-2011-3027)

See also :

http://www.nessus.org/u?9f5d2c3f

Solution :

Upgrade to Google Chrome 17.0.963.56 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.4
(CVSS2#E:POC/RL:U/RC:ND)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now