Google Chrome < 5.0.375.70 Multiple Vulnerabilities
high Log Correlation Engine Plugin ID 800928
Synopsis
The remote host contains a web browser that is vulnerable to multiple attack vectors.Description
Versions of Google Chrome earlier than 5.0.375.70 are potentially affected by multiple vulnerabilities :- A cross-origin keystroke redirection vulnerability. (Bug 15766)
- A cross-origin bypass in DOM methods. (Bug 39985)
- A memory error exists in table layout. (Bug 42723)
- It is possible to escape the sandbox in Linux. (Bug 43304)
- A stale pointer exists in bitmap. (Bug 43307) - A memory corruption vulnerability exists in DOM mode normalization. (Bug 43315)
- A memory corruption vulnerability exists in text transforms. (Bug 43487)
- A cross-site scripting vulnerability exists in the innerHTML property of textarea. (Bug 43902)
- A memory corruption vulnerability exists in font handling. (Bug 44740)
- Geolocation events fire after document deletion. (Bug 44868)
- A memory corruption vulnerability exists in the rendering of list markers. (44955)
Solution
Upgrade to Google Chrome 5.0.375.70 or later.See Also
Plugin Details
Severity: High
ID: 800928
Family: Web Clients
Published: 6/8/2010
Updated: 6/8/2010
Nessus ID: 46850
Risk Information
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Temporal Vector: CVSS2#E:U/RL:OF/RC:C
Vulnerability Information
Patch Publication Date: 6/8/2010
Vulnerability Publication Date: 6/8/2010
Reference Information
CVE: CVE-2010-1772, CVE-2010-1773