Google Chrome < 18.0.1025.142 Multiple Vulnerabilities

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by multiple
vulnerabilities.

Description :

The version of Google Chrome installed on the remote host is earlier
than 18.0.1025.142 and is, therefore, affected by the following
vulnerabilities :

- An error exists in the v8 JavaScript engine that can
allow invalid reads. (CVE-2011-3057)

- An unspecified error exists related to bad interaction
and 'EUC-JP'. This can lead to cross-site scripting
attacks. (CVE-2011-3058)

- Out-of-bounds read errors exist related to SVG text
handling and text fragment handling. (CVE-2011-3059,
CVE-2011-3060)

- A certificate checking error exists related to the
SPDY protocol. (CVE-2011-3061)

- An off-by-one error exists in the 'OpenType Sanitizer'.
(CVE-2011-3062)

- Navigation requests from the renderer are not validated
carefully enough.(CVE-2011-3063)

- A use-after-free error exists related to SVG clipping.
(CVE-2011-3064)

- An unspecified memory corruption error exists related
to 'Skia'. (CVE-2011-3065)

- The bundled version of Adobe Flash Player contains
errors related to ActiveX and the NetStream class.
These errors can allow memory corruption, denial of
service via application crashes and possibly code
execution. (CVE-2012-0772, CVE-2012-0773)

See also :

http://www.nessus.org/u?bfbac052
http://www.nessus.org/u?db237f54

Solution :

Upgrade to Google Chrome 18.0.1025.142 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now