SynopsisThe remote host contains a web browser that is affected by multiple vulnerabilities.
DescriptionThe version of Google Chrome installed on the remote host is a version prior to 34.0.1847.116. It is, therefore, affected by the following vulnerabilities :
- A use-after-free error exists in the included Flash version that could lead to arbitrary code execution.
- A buffer overflow error exists in the included Flash version that could lead to arbitrary code execution.
- An unspecified error exists in the included Flash version that could allow a security bypass leading to information disclosure. (CVE-2014-0508)
- An unspecified error exists in the included Flash version that could allow cross-site scripting attacks.
- An unspecified flaw exists related to IPC message injection that allows an unauthenticated, remote attacker to bypass sandbox restrictions. (CVE-2014-1709)
- An input validation error exists that could allow universal cross-site scripting (UXSS) attacks.
- An integer overflow error exists related to the compositor. (CVE-2014-1718)
- Use-after-free errors exist related to web workers, DOM processing, rendering, speech handling and forms handling. (CVE-2014-1719, CVE-2014-1720, CVE-2014-1722, CVE-2014-1724, CVE-2014-1727)
- An URL confusion error exists related to handling RTL characters. (CVE-2014-1723)
- An out-of-bounds read error exists related to handling 'window property' processing. (CVE-2014-1725)
- An unspecified error exists that could allow local cross-origin bypasses. (CVE-2014-1726)
- Various, unspecified memory handling errors exist.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
SolutionUpgrade to Google Chrome 34.0.1847.116 or later.