Google Chrome < 27.0.1453.93 Multiple Vulnerabilities

High Log Correlation Engine Plugin ID 800797

Synopsis

The remote host contains a web browser that is affected by multiple vulnerabilities

Description

Versions of Google Chrome prior to 27.0.1453.93 are affected by the following vulnerabilities :

 - Use-after-free errors exist in SVG, media loader, Pepper resource handling, widget handling, speech handling, style resolution, media loader, and related to race condition with workers. (CVE-2013-2837, CVE-2013-2840, CVE-2013-2841, CVE-2013-2842, CVE-2013-2843, CVE-2013-2844, CVE-2013-2846, CVE-2013-2847)

 - An out-of-bounds read error exists in v8. (CVE-2013-2838)

 - A memory corruption vulnerability exists related to a bad casting in clipboard handling. (CVE-2013-2839)

 - A memory safety issue exists related to Web Audio. (CVE-2013-2845)

 - An information disclosure vulnerability exists related to XSS Auditor. (CVE-2013-2848)

 - A cross-site scripting vulnerability exists related to drag and drop or copy and paste. (CVE-2013-2849)

Solution

Upgrade to Google Chrome 27.0.1453.93 or later.

See Also

http://www.nessus.org/u?ef8d3a90

Plugin Details

Severity: High

ID: 800797

Family: Web Clients

Published: 2013/05/23

Nessus ID: 66556

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Patch Publication Date: 2013/05/21

Vulnerability Publication Date: 2013/05/21

Reference Information

CVE: CVE-2013-2836, CVE-2013-2837, CVE-2013-2838, CVE-2013-2839, CVE-2013-2840, CVE-2013-2841, CVE-2013-2842, CVE-2013-2843, CVE-2013-2844, CVE-2013-2845, CVE-2013-2846, CVE-2013-2847, CVE-2013-2848, CVE-2013-2849

BID: 60062, 60063, 60064, 60065, 60066, 60067, 60068, 60069, 60070, 60071, 60072, 60073, 60074, 60076