Google Chrome < 17.0.963.83 Multiple Vulnerabilities

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by multiple
vulnerabilities.

Description :

The version of Google Chrome installed on the remote host is earlier
than 17.0.963.83 and is, therefore, affected by the following
vulnerabilities :

- An unspecified integer issue exists in libpng.
(CVE-2011-3045)

- An error exists related to the extension web request
API that could allow denial of service attacks.
Note this issue was corrected in a previous, unspecified
release. (CVE-2011-3049)

- Use-after-free errors exist related to 'first-letter'
handling, CSS cross-fade handling and block splitting.
(CVE-2011-3050, CVE-2011-3051, CVE-2011-3053)

- A memory corruption error exists related to WebGL
canvas handling. (CVE-2011-3052)

- An error exists related to webui privilege isolation.
(CVE-2011-3054)

- Installation of unpacked extensions does not use the
application's native user interface for prompts.
(CVE-2011-3055)

- A cross-origin violation is possible with 'magic iframe'.
(CVE-2011-3056)

- The v8 JavaScript engine could allow invalid reads to
take place. (CVE-2011-3057)

See also :

http://www.nessus.org/u?790c7e10

Solution :

Upgrade to Google Chrome 17.0.963.83 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now