SynopsisThe remote host contains a web browser that is affected by multiple vulnerabilities.
DescriptionThe version of Google Chrome installed on the remote host is earlier than 21.0.1180.89 and is, therefore, affected by the following vulnerabilities :
- An out-of-bounds read error exists related to line-breaking. (CVE-2012-2865)
- Variable casting errors exist related to 'run-ins' and XSL transformations. (CVE-2012-2866, CVE-2012-2871)
- An unspecified error exists related to the SPDY protocol that can result in application crashes.
- A unspecified race condition exists related to 'workers' and XHR. (CVE-2012-2868)
- An unspecified error exists related to stale buffers and URL loading. (CVE-2012-2869)
- Memory management issues exist related to XPath processing. (CVE-2012-2870)
- Cross-site scripting is possible during the SSL interstitial process. (CVE-2012-2872)
Successful exploitation of any of these issues could lead to an application crash or arbitrary code execution, subject to the user's privileges.
SolutionUpgrade to Google Chrome 21.0.1180.89 or later.