This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.
The remote host contains a web browser that is affected by multiple
The version of Google Chrome installed on the remote host is earlier
than 24.0.1312.52 and is, therefore, affected by the following
- Use-after-free errors exist related to SVG layout,
DOM handling, video seeking, PDF fields and printing.
(CVE-2012-5145, CVE-2012-5147, CVE-2012-5150,
- An error related to malformed URLs can allow a Same
Origin Policy (SOP) bypass, thereby allowing cross-site
scripting attacks. (CVE-2012-5146)
- A user-input validation error exists related to filenames
and hyphenation support. (CVE-2012-5148)
- Integer overflow errors exist related to audio IPC
(CVE-2012-5149, CVE-2012-5151, CVE-2012-5154)
- Out-of-bounds read errors exist related to video
seeking, PDF image handling, printing and glyph
handling. (CVE-2012-5152, CVE-2012-5157,
- An out-of-bounds stack access error exists in the
- A casting error exists related to PDF 'root' handling.
- An unspecified error exists that can corrupt database
metadata leading to incorrect file access.
- An error exists related to IPC and 'NUL' termination.
- An error exists related to extensions that may allow
improper path traversals. (CVE-2013-0831)
- An unspecified error exists related to geolocation.
- An unspecified error exists related to garbage
- An unspecified error exists related to extension tab
- The bundled version of Adobe Flash Player contains
flaws that can lead to arbitrary code execution.
Successful exploitation of some of these issues could lead to an
application crash or even allow arbitrary code execution, subject to the
See also :
Upgrade to Google Chrome 24.0.1312.52 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true
Nessus Plugin ID: 63468 ()
CVE ID: CVE-2012-5145
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now