Google Chrome < 25.0.1364.152 Multiple Vulnerabilities

High Log Correlation Engine Plugin ID 800923

Synopsis

The remote host contains a web browser that is affected by multiple vulnerabilities.

Description

Versions of Google Chrome earlier than 25.0.1364.152 are potentially affected by the following vulnerabilities :

- Use-after-free errors exist related to the frame loader, browser navigation handling and SVG animation. (CVE-2013-0902, CVE-2013-0903, CVE-2013-0905)

- Memory corruption errors exist related to 'Web Audio' and 'Indexed DB'. (CVE-2013-0904, CVE-2013-0906)

- A race condition exists related to media thread handling. (CVE-2013-0907)

- An unspecified error exists related to extension process bindings. (CVE-2013-0908)

- The 'XSS Auditor' could leak referrer information. (CVE-2013-0909)

- An unspecified error exists related to loading strictness and 'Mediate renderer -&gt; browser plug-in'. (CVE-2013-0910)

- A path traversal error exists related to database handling. (CVE-2013-0911)

Solution

Upgrade to Google Chrome 25.0.1364.152 or later.

See Also

http://www.nessus.org/u?871cfa58

Plugin Details

Severity: High

ID: 800923

File Name: 800923.prm

Family: Web Clients

Published: 2013/03/06

Nessus ID: 65029

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

Patch Publication Date: 2013/03/04

Vulnerability Publication Date: 2013/03/04

Reference Information

CVE: CVE-2013-0902, CVE-2013-0903, CVE-2013-0904, CVE-2013-0905, CVE-2013-0906, CVE-2013-0907, CVE-2013-0908, CVE-2013-0909, CVE-2013-0910, CVE-2013-0911

BID: 58291, 59515, 59516, 59517, 59518, 59519, 59520, 59521, 59522, 59523, 59524