Google Chrome < 27.0.1453.93 Multiple Vulnerabilities
high Log Correlation Engine Plugin ID 800797
New! Plugin Severity Now Using CVSS v3
The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Synopsis
The remote host contains a web browser that is affected by multiple vulnerabilitiesDescription
Versions of Google Chrome prior to 27.0.1453.93 are affected by the following vulnerabilities :- Use-after-free errors exist in SVG, media loader, Pepper resource handling, widget handling, speech handling, style resolution, media loader, and related to race condition with workers. (CVE-2013-2837, CVE-2013-2840, CVE-2013-2841, CVE-2013-2842, CVE-2013-2843, CVE-2013-2844, CVE-2013-2846, CVE-2013-2847)
- An out-of-bounds read error exists in v8. (CVE-2013-2838)
- A memory corruption vulnerability exists related to a bad casting in clipboard handling. (CVE-2013-2839)
- A memory safety issue exists related to Web Audio. (CVE-2013-2845)
- An information disclosure vulnerability exists related to XSS Auditor. (CVE-2013-2848)
- A cross-site scripting vulnerability exists related to drag and drop or copy and paste. (CVE-2013-2849)
Solution
Upgrade to Google Chrome 27.0.1453.93 or later.See Also
Plugin Details
Severity: High
ID: 800797
Family: Web Clients
Published: 5/23/2013
Updated: 5/23/2013
Nessus ID: 66556
Risk Information
CVSS v2
Risk Factor: High
Base Score: 9.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
Patch Publication Date: 5/21/2013
Vulnerability Publication Date: 5/21/2013
Reference Information
CVE: CVE-2013-2846, CVE-2013-2837, CVE-2013-2836, CVE-2013-2838, CVE-2013-2839, CVE-2013-2840, CVE-2013-2841, CVE-2013-2842, CVE-2013-2843, CVE-2013-2844, CVE-2013-2845, CVE-2013-2847, CVE-2013-2848, CVE-2013-2849
BID: 60062, 60063, 60064, 60065, 60066, 60067, 60068, 60069, 60070, 60071, 60072, 60073, 60074, 60076