Google Chrome < 20.0.1132.43 Multiple Vulnerabilities

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by multiple
vulnerabilities.

Description :

The version of Google Chrome installed on the remote host is earlier
than 20.0.1132.43 and is, therefore, affected by the following
vulnerabilities :

- An error exists related to the loading of the 'metro'
DLL. (CVE-2012-2764)

- An error exists related to the leaking of iframe
fragment id. (CVE-2012-2815)

- An error exists that allows sandboxes to interfere with
each other. (CVE-2012-2816)

- Multiple use-after-free errors exist related to table
section handling, counter layout, SVG resource handling,
SVG painting, first-letter handling and SVG reference
handling. (CVE-2012-2817, CVE-2012-2818, CVE-2012-2823,
CVE-2012-2824, CVE-2012-2829, CVE-2012-2831)

- An error exists related to texture handling that can
cause application crashes. (CVE-2012-2819)

- Out-of-bounds read errors exist related to SVG
filter handling and texture conversion. (CVE-2012-2820,
CVE-2012-2826)

- An unspecified error exists related to autofill display
actions. (CVE-2012-2821)

- Several 'OOB' read issues exist related to PDF
processing. (CVE-2012-2822)

- A read error exists related to XSL handling.
(CVE-2012-2825)

- Several integer overflow issues exist related to PDF
processing. (CVE-2012-2828)

- A pointer issue exists related to the setting of array
values. (CVE-2012-2830)

- An uninitialized pointer issue exists related to the
PDF image codec. (CVE-2012-2832)

- A buffer overflow error exists related to the PDF
JavaScript API. (CVE-2012-2833)

- An integer overflow error exists related to the
'Matroska' container. (CVE-2012-2834)

See also :

http://seclists.org/bugtraq/2012/Jul/93
http://www.nessus.org/u?c9fd4072

Solution :

Upgrade to Google Chrome 20.0.1132.43 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false