Google Chrome < 26.0.1410.43 Multiple Vulnerabilities

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by multiple
vulnerabilities.

Description :

The version of Google Chrome installed on the remote host is a
version prior to 26.0.1410.43 and is, therefore, affected by the
following vulnerabilities :

- Use-after-free errors exist related to 'Web Audio' and
the extension bookmarks API. (CVE-2013-0916,
CVE-2013-0920)

- An out-of-bounds read error exists related to the URL
loader. (CVE-2013-0917)

- An unspecified error exists related to 'drag and drop'
actions and the developer tools. (CVE-2013-0918)

- An unspecified error exists related to website process
isolation. (CVE-2013-0921)

- An error exists related to HTTP basic authentication
and brute-force attacks. (CVE-2013-0922)

- A memory safety issue exists related to the 'USB Apps'
API. (CVE-2013-0923)

- A permissions error exists related to extensions API
and file permissions. (CVE-2013-0924)

- URLs can be leaked to extensions even if the extension
does not have the 'tabs' permission. (CVE-2013-0925)

- An error exists related to 'active tags' and the paste
action that has unspecified impact. (CVE-2013-0926)

See also :

http://www.nessus.org/u?11700993

Solution :

Upgrade to Google Chrome 26.0.1410.43 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now