Google Chrome < 27.0.1453.93 Multiple Vulnerabilities

This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by multiple
vulnerabilities.

Description :

The version of Google Chrome installed on the remote host is a version
prior to 27.0.1453.93 and is, therefore, affected by the following
vulnerabilities :

- Use-after-free errors exist in SVG, media loader,
Pepper resource handling, widget handling, speech
handling, style resolution, media loader, and related to
race condition with workers. (CVE-2013-2837,
CVE-2013-2840, CVE-2013-2841, CVE-2013-2842,
CVE-2013-2843, CVE-2013-2844, CVE-2013-2846,
CVE-2013-2847)

- An out-of-bounds read error exists in v8.
(CVE-2013-2838)

- A memory corruption vulnerability exists related to
a bad casting in clipboard handling. (CVE-2013-2839)

- A memory safety issue exists related to Web Audio.
(CVE-2013-2845)

- An information disclosure vulnerability exists related
to XSS Auditor. (CVE-2013-2848)

- A cross-site scripting vulnerability exists related to
drag and drop or copy and paste. (CVE-2013-2849)

See also :

http://www.nessus.org/u?ef8d3a90

Solution :

Upgrade to Google Chrome 27.0.1453.93 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false