Google Chrome < 17.0.963.46 Multiple Vulnerabilities

High Nessus Plugin ID 57876


The remote host contains a web browser that is affected by multiple vulnerabilities.


The version of Google Chrome installed on the remote host is earlier than 17.0.963.46 and is, therefore, affected by the following vulnerabilities:

- Clipboard monitoring after a paste action is possible.

- Application crashes are possible with excessive database usage, killing an 'IndexDB' transaction, signature checks and processing unusual certificates.
(CVE-2011-3954, CVE-2011-3955, CVE-2011-3965, CVE-2011-3967)

- Sandboxed origins are not handled properly inside extensions. (CVE-2011-3956)

- Use-after-free errors exist related to PDF garbage collection, stylesheet error handling, CSS handling, SVG layout and 'mousemove' event handling.
(CVE-2011-3957, CVE-2011-3966, CVE-2011-3968, CVE-2011-3969, CVE-2011-3971)

- An error exists related to bad casting and column spans. (CVE-2011-3958)

- A buffer overflow exists related to locale handing.

- Out-of-bounds read errors exist related to audio decoding, path clipping, PDF fax imaging, 'libxslt', and the shader translator. (CVE-2011-3960, CVE-2011-3962, CVE-2011-3963, CVE-2011-3970, CVE-2011-3972)

- A race condition exists after a utility process crashes. (CVE-2011-3961)

- An unspecified error exists related to the URL bar after drag and drop operations. (CVE-2011-3964)


Upgrade to Google Chrome 17.0.963.46 or later.

See Also

Plugin Details

Severity: High

ID: 57876

File Name: google_chrome_17_0_963_46.nasl

Version: $Revision: 1.12 $

Type: local

Agent: windows

Family: Windows

Published: 2012/02/09

Modified: 2016/05/20

Dependencies: 34196

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/a:google:chrome

Required KB Items: SMB/Google_Chrome/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/02/08

Vulnerability Publication Date: 2012/02/08

Reference Information

CVE: CVE-2011-3953, CVE-2011-3954, CVE-2011-3955, CVE-2011-3956, CVE-2011-3957, CVE-2011-3958, CVE-2011-3959, CVE-2011-3960, CVE-2011-3961, CVE-2011-3962, CVE-2011-3963, CVE-2011-3964, CVE-2011-3965, CVE-2011-3966, CVE-2011-3967, CVE-2011-3968, CVE-2011-3969, CVE-2011-3970, CVE-2011-3971, CVE-2011-3972

BID: 51911

OSVDB: 77698, 78933, 78934, 78935, 78936, 78937, 78938, 78940, 78941, 78942, 78943, 78944, 78945, 78946, 78947, 78948, 78949, 78950, 78951, 78952