Google Chrome < 36.0.1985.143 Multiple Vulnerabilities

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by multiple
vulnerabilities.

Description :

The version of Google Chrome installed on the remote host is prior to
36.0.1985.143. It is, therefore, affected by the following
vulnerabilities :

- A use-after-free error exists in the Web Sockets
implementation in Blink which allows remote attackers
to cause a denial of service.
(CVE-2014-3165)

- An information disclosure vulnerability exists due to
the Public Key Pinning (PKP) implementation not
correctly considering the properties of SPDY
connections. This error allows remote attackers to
obtain sensitive information by leveraging the use of
multiple domain names. (CVE-2014-3166)

- Multiple unspecified vulnerabilities allow attackers to
cause a denial of service.
(CVE-2014-3167)

See also :

http://www.nessus.org/u?53a4c8be

Solution :

Upgrade to Google Chrome 36.0.1985.143 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 77184

Bugtraq ID: 69201, 69202, 69203

CVE ID: CVE-2014-3165, CVE-2014-3166, CVE-2014-3167
