Google Chrome < 24.0.1312.52 Multiple Vulnerabilities

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.

Synopsis :

The remote host contains a web browser that is affected by multiple

Description :

The version of Google Chrome installed on the remote host is earlier
than 24.0.1312.52 and is, therefore, affected by the following
vulnerabilities :

- Use-after-free errors exist related to SVG layout,
DOM handling, video seeking, PDF fields and printing.
(CVE-2012-5145, CVE-2012-5147, CVE-2012-5150,
CVE-2012-5156, CVE-2013-0832)

- An error related to malformed URLs can allow a Same
Origin Policy (SOP) bypass, thereby allowing cross-site
scripting attacks. (CVE-2012-5146)

- A user-input validation error exists related to filenames
and hyphenation support. (CVE-2012-5148)

- Integer overflow errors exist related to audio IPC
handling, PDF JavaScript and shared memory allocation.
(CVE-2012-5149, CVE-2012-5151, CVE-2012-5154)

- Out-of-bounds read errors exist related to video
seeking, PDF image handling, printing and glyph
handling. (CVE-2012-5152, CVE-2012-5157,
CVE-2012-0833, CVE-2012-0834)

- An out-of-bounds stack access error exists in the
v8 JavaScript engine. (CVE-2012-5153)

- A casting error exists related to PDF 'root' handling.

- An unspecified error exists that can corrupt database
metadata leading to incorrect file access.

- An error exists related to IPC and 'NUL' termination.

- An error exists related to extensions that may allow
improper path traversals. (CVE-2013-0831)

- An unspecified error exists related to geolocation.

- An unspecified error exists related to garbage
collection in the v8 JavaScript engine. (CVE-2013-0836)

- An unspecified error exists related to extension tab
handling. (CVE-2013-0837)

- The bundled version of Adobe Flash Player contains
flaws that can lead to arbitrary code execution.

Successful exploitation of some of these issues could lead to an
application crash or even allow arbitrary code execution, subject to the
user's privileges.

See also :

Solution :

Upgrade to Google Chrome 24.0.1312.52 or later.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true