Google Chrome < 6.0.472.59 Multiple Vulnerabilities
high Log Correlation Engine Plugin ID 800910
Synopsis
The remote host contains a web browser that is vulnerable to multiple attack vectors.Description
Versions of Google chrome earlier than 6.0.472.59 are potentially affected by multiple vulnerabilities :- A use-after-free error exists when using document APIs during parse. (Bug 50250)
- A use-after-free error exists in SVG styles. (Bug 50712)
- A use-after-free error exists with nested SVG elements. (Bug 51252)
- A possible browser assert exists in cursor handling. (Bug 51709)
- A race condition exists in console handling. (Bug 51919)
- An unlikely browser crash exists in pop-up blocking. (Bug 53176)
- Bug 45400 is incorrectly fixed on Mac. (Bug 53361)
- A memory corruption error exists in Geolocation. (Bug 53394)
- A memory corruption issue exists in Khmer handling. Note that this only affects Chrome for Linux. (Bug 53930)
- An error exists because Chrome fails to prompt for extension history access. (Bug 54006)
Solution
Upgrade to Google Chrome 6.0.472.59 or later.See Also
googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html
Plugin Details
Severity: High
ID: 800910
Family: Web Clients
Published: 9/16/2010
Updated: 9/16/2010
Nessus ID: 49237
Risk Information
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Temporal Vector: CVSS2#E:U/RL:OF/RC:C
Vulnerability Information
Patch Publication Date: 9/14/2010
Vulnerability Publication Date: 9/14/2010
Reference Information
CVE: CVE-2010-1824, CVE-2010-3417, CVE-2010-1825, CVE-2010-3416, CVE-2010-3413, CVE-2010-3415, CVE-2010-3412, CVE-2010-1823, CVE-2010-3414, CVE-2010-3411
BID: 43228