Google Chrome < 37.0.2062.94 Multiple Vulnerabilities (Mac OS X)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Mac OS X host contains a web browser that is affected by
multiple vulnerabilities.

Description :

The version of Google Chrome installed on the remote Mac OS X host is
a version prior to 37.0.2062.94. It is, therefore, affected by the
following vulnerabilities :

- Blink contains a use-after-free vulnerability in its SVG
implementation. By using a specially crafted web page, a
remote attacker can cause a denial of service or execute
arbitrary code. (CVE-2014-3168)

- Blink contains a use-after-free vulnerability in its DOM
implementation. By using a specially crafted web page, a
remote attacker can cause a denial of service or execute
arbitrary code. (CVE-2014-3169)

- A flaw exists in the 'url_pattern.cc' file, which does not
reject NUL characters ('\0') in a host name. Because the
host is truncated at that character when it is displayed,
a remote attacker can use this to spoof the extension
permission dialog. (CVE-2014-3170)

- Blink contains a use-after-free vulnerability in its V8
bindings. By using improper HashMap add operations, a
remote attacker can cause a denial of service or execute
arbitrary code. (CVE-2014-3171)

- The Debugger extension API does not properly a validate
a tab's URL before attaching. A remote attacker can
therefore bypass access limitations by means of an
extension that uses a restricted URL. (CVE-2014-3172)

- A flaw exists in the WebGL implementation where clear
calls do not interact properly with the draw buffer. By
using a specially crafted CANVAS element, a remote
attacker can cause a denial of service. (CVE-2014-3173)

- A flaw exists in the Blink Web Audio API implementation
in how it updates biquad filter coefficients when there
are concurrent threads. By using specially crafted API
calls, a remote attacker can cause a denial of service.
(CVE-2014-3174)

- Flaws exist in the 'load_truetype_glyph' function and
other unspecified functions which can be exploited by a
remote attacker to cause a denial of service or other
impact. (CVE-2014-3175)

- Flaws exist related to the interaction of the IPC, Sync
API, and V8 extensions. A remote attacker can exploit
these to bypass the sandbox and execute arbitrary code.
(CVE-2014-3176, CVE-2014-3177)
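
The permission-dialog spoof above (CVE-2014-3170) is an instance of a general
bug class: a host pattern is stored as a length-counted string, but is shown to
the user through a NUL-terminated C string, so everything after an embedded
'\0' silently disappears from the dialog while remaining in the stored pattern.
The following is an added illustration of that mismatch and of a validator
that closes it; it is not Chrome's url_pattern.cc code, and the function names,
the weak/hardened checks and the 'trusted.example' / 'attacker.example' host
names are constructed for the example.

```cpp
// Added illustration of NUL truncation in a host pattern (not Chrome code).
#include <cassert>
#include <cstring>
#include <iostream>
#include <string>

// Model of the display path: the host is handed to a C-string consumer, so
// strlen() stops at the first '\0' and the remainder is never shown.
std::string render_for_dialog(const std::string& host) {
    return std::string(host.c_str());
}

// Does the user-visible rendering carry the same bytes as the stored pattern?
bool views_agree(const std::string& host) {
    return render_for_dialog(host) == host;
}

// Weak check (hypothetical pre-fix behaviour): rejects empty hosts and path
// separators only, so an embedded NUL passes straight through.
bool host_ok_weak(const std::string& host) {
    return !host.empty() && host.find('/') == std::string::npos;
}

// Hardened check: allow only the hostname alphabet plus the '*' wildcard used
// by extension match patterns. Any other byte, including '\0' and other
// control characters, is rejected, so stored and displayed hosts cannot differ.
bool host_ok_hardened(const std::string& host) {
    if (host.empty() || host.size() > 253) return false;
    for (unsigned char c : host) {
        bool ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                  (c >= '0' && c <= '9') || c == '-' || c == '.' || c == '*';
        if (!ok) return false;
    }
    return true;
}

// Constructed attacker input: 15 bytes of "trusted.example", a NUL, then
// 16 bytes of "attacker.example". std::string keeps all 32 bytes.
const std::string kSpoofHost("trusted.example\0attacker.example", 32);

int main() {
    std::cout << "stored length : " << kSpoofHost.size() << '\n';
    std::cout << "dialog shows  : " << render_for_dialog(kSpoofHost) << '\n';
    std::cout << "weak check    : " << host_ok_weak(kSpoofHost) << '\n';
    std::cout << "hardened check: " << host_ok_hardened(kSpoofHost) << '\n';
    return 0;
}
```

The weak check accepts the 32-byte pattern while the dialog renders only
"trusted.example"; the hardened check rejects it before it can be stored, which
is the property the fix in 37.0.2062.94 restores for extension host patterns.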

See also :

http://www.nessus.org/u?bc0adbf3

Solution :

Upgrade to Google Chrome 37.0.2062.94 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false
