Synopsis
The remote host contains a web browser that is affected by multiple vulnerabilities.
Description
The version of Google Chrome installed on the remote host is a version prior to 28.0.1500.71 and is, therefore, affected by multiple vulnerabilities :
- A vulnerability exists that exposes HTTP in SSL to a man-in-the-middle attack. (CVE-2013-2853)
- Block pop-unders in various scenarios. (CVE-2013-2867)
- An error exists related to an incorrect sync of the NPAPI extension component. (CVE-2013-2868)
- An unspecified flaw exists due to a lack of entropy in renderers. (CVE-2013-2872)
- Use-after-free errors exist related to network sockets, input handling, and resource loading. (CVE-2013-2870, CVE-2013-2871, CVE-2013-2873)
- A screen data leak error exists related to GL textures.
(CVE-2013-2874)
- An extension permission error exists related to interstitials. (CVE-2013-2876)
- Multiple out-of-bounds errors exist related to JPEG2000, SVG, text handling and XML parsing. (CVE-2013-2869, CVE-2013-2875, CVE-2013-2877, CVE-2013-2878)
- An unspecified error exists when setting up sign-in and sync. (CVE-2013-2879)
- The vendor reports various, unspecified errors exist.
(CVE-2013-2880)
Solution
Upgrade to Google Chrome 28.0.1500.71 or later.