Google Chrome < 30.0.1599.66 Multiple Vulnerabilities

high Log Correlation Engine Plugin ID 801606

Synopsis

The remote host contains a web browser that is affected by multiple vulnerabilities.

Description

The remote host has Google Chrome browser installed. Versions of Google Chrome prior to 30.0.1599.66 are affected by the following vulnerabilities :

- A security vulnerability exists due to races in web audio. (CVE-2013-2906)

- An out-of-bounds read error in 'Window.prototype' object. (CVE-2013-2907)

- Multiple address bar spoofing vulnerabilities exists related to the '204 No Content' status code. (CVE-2013-2908, CVE-2013-2916)

- A use-after-free issue in inline-block rendering. (CVE-2013-2909)

- A use-after-free issue in Web Audio. (CVE-2013-2910)

- A use-after-free issue in XSLT. (CVE-2013-2911)

- A use-after-free issue in PPAPI. (CVE-2013-2912)

- A use-after-free issue in XML document parsing. (CVE-2013-2913)

- A use-after-free issue in the Windows color chooser dialog. (CVE-2013-2914)

- An address bar spoofing vulnerability occurs though a malformed scheme (CVE-2013-2915)

- An out-of-bounds read error in web audio. (CVE-2013-2917)

- A use-after-free issue in Dom. (CVE-2013-2918)

- A memory-corruption vulnerability exists in V8

- (CVE-2013-2919)

- An out-of-bounds read error in URL parsing. (CVE-2013-2920)

- A use-after-free issue in resource loader. (CVE-2013-2921)

- A use-after-free issue in template element. (CVE-2013-2922)

- Multiple unspecified issues affect the application. (CVE-2013-2923)

- A use-after-free issue in ICU. (CVE-2013-2924)

Solution

Upgrade to Google Chrome 30.0.1599.66 or later.

See Also

http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html

Plugin Details

Severity: High

ID: 801606

Family: Web Clients

Published: 9/2/2013

Vulnerability Information

Patch Publication Date: 9/1/2013

Vulnerability Publication Date: 9/1/2013

Reference Information

CVE: CVE-2013-2906, CVE-2013-2907, CVE-2013-2908, CVE-2013-2909, CVE-2013-2910, CVE-2013-2911, CVE-2013-2912, CVE-2013-2913, CVE-2013-2914, CVE-2013-2915, CVE-2013-2916, CVE-2013-2917, CVE-2013-2918, CVE-2013-2919, CVE-2013-2920, CVE-2013-2921, CVE-2013-2922, CVE-2013-2923, CVE-2013-2924

BID: 62752