This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote host contains a web browser that is affected by multiple
The version of Google Chrome installed on the remote host is a version
prior to 36.0.1985.143. It is, therefore, affected by the following
- A use-after-free error exists in the Web Sockets
implementation in Blink which allows remote attackers
to cause a denial of service.
- An information disclosure vulnerability exists due to
the Public Key Pinning (PKP) implementation not
correctly considering the properties of SPDY
connections. This error allows remote attackers to
obtain sensitive information by leveraging the use of
multiple domain names. (CVE-2014-3166)
- Multiple unspecified vulnerabilities allow attackers to
cause a denial of service.
See also :
Upgrade to Google Chrome 36.0.1985.143 or later.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : false