Google Chrome < 17.0.963.65 Multiple Vulnerabilities

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by multiple
vulnerabilities.

Description :

The version of Google Chrome installed on the remote host is earlier
than 17.0.963.65 and is, therefore, affected by the following
vulnerabilities:

- Use-after-free errors exist related to 'v8 element
wrapper', SVG value handling, SVG document handling,
SVG use handling, multi-column handling, quote
handling, class attribute handling, table section
handling, flexbox with floats and SVG animation
elements. (CVE-2011-3031, CVE-2011-3032, CVE-2011-3034,
CVE-2011-3035, CVE-2011-3038, CVE-2011-3039,
CVE-2011-3041, CVE-2011-3042, CVE-2011-3043,
CVE-2011-3044)

- An error exists in the 'Skia' drawing library that can
allow buffer overflows. (CVE-2011-3033)

- Casting errors exist related to line box handling and
anonymous block splitting. (CVE-2011-3036,
CVE-2011-3037)

- An out-of-bounds read error exists related to text
handling. (CVE-2011-3040)

See also :

http://www.nessus.org/u?e979fa5d

Solution :

Upgrade to Google Chrome 17.0.963.65 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now