Google Chrome < 34.0.1847.137 Multiple Vulnerabilities (Mac OS X)

High Nessus Plugin ID 74009


The remote Mac OS X host contains a web browser that is affected by multiple vulnerabilities.


The version of Google Chrome installed on the remote Mac OS X host is a version prior to 34.0.1847.137. It is, therefore, affected by the following vulnerabilities :

- A use-after-free error exists in the included Flash version that could lead to arbitrary code execution.

- An unspecified error exists in the included Flash version that could allow a bypass of the same origin policy. (CVE-2014-0516)

- Several security bypass errors exist in the included Flash version. (CVE-2014-0517, CVE-2014-0518, CVE-2014-0519, CVE-2014-0520)

- Use-after-free errors exist related to 'WebSockets' and 'editing'. (CVE-2014-1740, CVE-2014-1742)

- An integer overflow error exists related to DOM ranges. (CVE-2014-1741)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.


Upgrade to Google Chrome 34.0.1847.137 or later.

See Also

Plugin Details

Severity: High

ID: 74009

File Name: macosx_google_chrome_34_0_1847_137.nasl

Version: $Revision: 1.12 $

Type: local

Agent: macosx

Published: 2014/05/14

Modified: 2017/06/06

Dependencies: 70890

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Required KB Items: MacOSX/Google Chrome/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/05/13

Vulnerability Publication Date: 2014/05/13

Reference Information

CVE: CVE-2014-0510, CVE-2014-0516, CVE-2014-0517, CVE-2014-0518, CVE-2014-0519, CVE-2014-0520, CVE-2014-1740, CVE-2014-1741, CVE-2014-1742

BID: 66241, 67361, 67364, 67371, 67372, 67373, 67374, 67375, 67376

OSVDB: 104585, 105750, 106886, 106887, 106888, 106889, 106890, 106914, 106915