Google Chrome < 33.0.1750.154 Multiple Vulnerabilities
Medium Nessus Plugin ID 73082
SynopsisThe remote host contains a web browser that is affected by multiple vulnerabilities.
DescriptionThe version of Google Chrome installed on the remote host is a version prior to 33.0.1750.154. It is, therefore, affected by the following vulnerabilities :
- A use-after-free flaw exists with the 'document.location' bindings. An attacker, using a specially crafted web page, can dereference freed memory and could execute arbitrary code. (CVE-2014-1713)
- A flaw exists with the clipboard message filter. A context-dependent attacker could bypass sandbox restrictions. (CVE-2014-1714)
- A restriction bypass flaw exists with the 'CreatePlatformFileUnsafe()' function in the 'base/platform_file_win.cc' where user input is not properly sanitized. A context-dependent attacker could open arbitrary directories bypassing sandbox restrictions. (CVE-2014-1715)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
SolutionUpgrade to Google Chrome 33.0.1750.154 or later.