Google Chrome < 25.0.1364.152 Multiple Vulnerabilities

Medium Nessus Plugin ID 65029

Synopsis

The remote host contains a web browser that is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote host is a version prior to 25.0.1364.152. It is, therefore, affected by the following vulnerabilities :

- Use-after-free errors exist related to the frame loader, browser navigation handling and SVG animation. (CVE-2013-0902, CVE-2013-0903, CVE-2013-0905)

- Memory corruption errors exist related to 'Web Audio' and 'Indexed DB'. (CVE-2013-0904, CVE-2013-0906)

- A race condition exists related to media thread handling. (CVE-2013-0907)

- An unspecified error exists related to extension process bindings. (CVE-2013-0908)

- The 'XSS Auditor' could leak referrer information.
(CVE-2013-0909)

- An unspecified error exists related to loading strictness and 'Mediate renderer -> browser plug-in'.
(CVE-2013-0910)

- A path traversal error exists related to database handling. (CVE-2013-0911)

Solution

Upgrade to Google Chrome 25.0.1364.152 or later.

See Also

http://www.nessus.org/u?f8ae6261

Plugin Details

Severity: Medium

ID: 65029

File Name: google_chrome_25_0_1364_152.nasl

Version: 1.17

Type: local

Agent: windows

Family: Windows

Published: 2013/03/05

Updated: 2018/11/15

Dependencies: 34196

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Required KB Items: SMB/Google_Chrome/Installed

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/03/04

Vulnerability Publication Date: 2013/03/04

Reference Information

CVE: CVE-2013-0902, CVE-2013-0903, CVE-2013-0904, CVE-2013-0905, CVE-2013-0906, CVE-2013-0907, CVE-2013-0908, CVE-2013-0909, CVE-2013-0910, CVE-2013-0911

BID: 59515, 59516, 59517, 59518, 59519, 59520, 59521, 59522, 59523, 59524