Google Chrome < Multiple Vulnerabilities

medium Nessus Plugin ID 35558


The remote host contains a web browser that is affected by multiple vulnerabilities.


The version of Google Chrome installed on the remote host is earlier than Such versions are reportedly affected by several issues :

- Cross-site scripting vulnerabilities in the Adobe Reader Plugin itself could be leveraged using a PDF document to run scripts on arbitrary sites via Google Chrome.
(CVE-2007-0048 and CVE-2007-0045)

- A cross-domain security-bypass vulnerability that could allow an attacker to bypass the same-origin policy and gain access to potentially sensitive information.

- A remote attacker may be able to gain access to the 'Set-Cookie' and 'Set-Cookie2' response headers via XMLHttpRequest calls. (CVE-2009-0411)


Upgrade to Google Chrome version or later.

See Also

Plugin Details

Severity: Medium

ID: 35558

File Name: google_chrome_1_0_154_46.nasl

Version: 1.19

Type: local

Agent: windows

Family: Windows

Published: 1/31/2009

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information


Risk Factor: Medium

Score: 4.4


Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:google:chrome

Required KB Items: SMB/Google_Chrome/Installed

Exploit Ease: No known exploits are available

Patch Publication Date: 1/28/2009

Vulnerability Publication Date: 12/27/2006

Reference Information

CVE: CVE-2007-0045, CVE-2007-0048, CVE-2009-0276, CVE-2009-0411

BID: 21858, 33529, 33773

CWE: 264