Google Chrome < 18.0.1025.168 Multiple Vulnerabilities

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by multiple
vulnerabilities.

Description :

The version of Google Chrome installed on the remote host is earlier
than 18.0.1025.168 and is, therefore, affected by the following
vulnerabilities :

- Use-after-free errors exist related to floating element
handling and the xml parser. (CVE-2011-3078,
CVE-2012-1521, CVE-2011-3081)

- A validation error exists related to Inter-Process
Communications (IPC). (CVE-2011-3079)

- A race condition exists in the method
'CrossCallParamsEx::CreateFromBuffer' in the file
'sandbox/src/crosscall_server.cc' and is related to
sandbox Inter-Process Communication (IPC).
(CVE-2011-3080)

See also :

http://www.nessus.org/u?33461cc2

Solution :

Upgrade to Google Chrome 18.0.1025.168 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 58954 ()

Bugtraq ID: 53309

CVE ID: CVE-2011-3078
CVE-2011-3079
CVE-2011-3080
CVE-2011-3081
CVE-2012-1521

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now