Google Chrome < 25.0.1364.152 Multiple Vulnerabilities

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by multiple
vulnerabilities.

Description :

The version of Google Chrome installed on the remote host is a
version prior to 25.0.1364.152. It is, therefore, affected by the
following vulnerabilities :

- Use-after-free errors exist related to the frame
loader, browser navigation handling and SVG
animation. (CVE-2013-0902, CVE-2013-0903, CVE-2013-0905)

- Memory corruption errors exist related to 'Web Audio'
and 'Indexed DB'. (CVE-2013-0904, CVE-2013-0906)

- A race condition exists related to media thread
handling. (CVE-2013-0907)

- An unspecified error exists related to extension
process bindings. (CVE-2013-0908)

- The 'XSS Auditor' could leak referrer information.
(CVE-2013-0909)

- An unspecified error exists related to loading
strictness and 'Mediate renderer -> browser plug-in'.
(CVE-2013-0910)

- A path traversal error exists related to database
handling. (CVE-2013-0911)

See also :

http://www.nessus.org/u?871cfa58

Solution :

Upgrade to Google Chrome 25.0.1364.152 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now