Google Chrome < 13.0.782.215 Multiple Vulnerabilities

high Nessus Plugin ID 55959

Synopsis

The remote host contains a web browser that is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote host is earlier than 13.0.782.215 and is potentially affected by several vulnerabilities:

- An unspecified error related to command line URL parsing exists. (Issue #72492)

- Use-after-free errors related to line box handling, counter nodes, custom fonts, and text searching.
(Issue #82552, #88216, #88670, #90668)

- A double-free error related to libxml XPath handling exists. (Issue #89402)

- An error related to empty origins exists that can allow cross-domain violation. (Issue #87453)

- A memory corruption error exists related to vertex handling. (Issue #89836)

- An out-of-bounds write error exists in the v8 JavaScript engine. (Issue #91517)

- An integer overrun error exists in the handling of uniform arrays. (Issue #91598)

Solution

Upgrade to Google Chrome 13.0.782.215 or later.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-12-054/

http://www.nessus.org/u?2a73db57

Plugin Details

Severity: High

ID: 55959

File Name: google_chrome_13_0_782_215.nasl

Version: 1.12

Type: local

Agent: windows

Family: Windows

Published: 8/23/2011

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus Agent

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Required KB Items: SMB/Google_Chrome/Installed

Exploit Ease: No known exploits are available

Patch Publication Date: 8/22/2011

Vulnerability Publication Date: 8/22/2011

Reference Information

CVE: CVE-2011-2806, CVE-2011-2821, CVE-2011-2822, CVE-2011-2823, CVE-2011-2824, CVE-2011-2825, CVE-2011-2826, CVE-2011-2827, CVE-2011-2828, CVE-2011-2829

BID: 49279