Google Chrome < 33.0.1750.154 Multiple Vulnerabilities

Medium Nessus Plugin ID 73082


The remote host contains a web browser that is affected by multiple vulnerabilities.


The version of Google Chrome installed on the remote host is a version prior to 33.0.1750.154. It is, therefore, affected by the following vulnerabilities :

- A remote code-execution flaw exists due to a read/write error with the a sandbox bypass, specifically the V8 JavaScript engine. This could allow an attacker to execute code or cause a denial of service if the exploit fails. (CVE-2014-1705)

- A use-after-free flaw exists with the 'document.location' bindings. An attacker, using a specially crafted web page, can dereference freed memory and could execute arbitrary code. (CVE-2014-1713)

- A flaw exists with the clipboard message filter. A context-dependent attacker could bypass sandbox restrictions. (CVE-2014-1714)

- A restriction bypass flaw exists with the 'CreatePlatformFileUnsafe()' function in the 'base/' where user input is not properly sanitized. A context-dependent attacker could open arbitrary directories bypassing sandbox restrictions. (CVE-2014-1715)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.


Upgrade to Google Chrome 33.0.1750.154 or later.

See Also

Plugin Details

Severity: Medium

ID: 73082

File Name: google_chrome_33_0_1750_154.nasl

Version: $Revision: 1.9 $

Type: local

Agent: windows

Family: Windows

Published: 2014/03/18

Modified: 2014/10/03

Dependencies: 34196

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Required KB Items: SMB/Google_Chrome/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/03/14

Vulnerability Publication Date: 2014/03/14

Reference Information

CVE: CVE-2014-1705, CVE-2014-1713, CVE-2014-1714, CVE-2014-1715

BID: 66239, 66243, 66249, 66252

OSVDB: 104501, 104526, 104527, 104528