Google Chrome < 36.0.1985.143 Multiple Vulnerabilities

Medium Nessus Plugin ID 77184


The remote host contains a web browser that is affected by multiple vulnerabilities.


The version of Google Chrome installed on the remote host is a version prior to 36.0.1985.143. It is, therefore, affected by the following vulnerabilities :

- A use-after-free error exists in the Web Sockets implementation in Blink which allows remote attackers to cause a denial of service.

- An information disclosure vulnerability exists due to the Public Key Pinning (PKP) implementation not correctly considering the properties of SPDY connections. This error allows remote attackers to obtain sensitive information by leveraging the use of multiple domain names. (CVE-2014-3166)

- Multiple unspecified vulnerabilities allow attackers to cause a denial of service.


Upgrade to Google Chrome 36.0.1985.143 or later.

See Also

Plugin Details

Severity: Medium

ID: 77184

File Name: google_chrome_36_0_1985_143.nasl

Version: $Revision: 1.6 $

Type: local

Agent: windows

Family: Windows

Published: 2014/08/13

Modified: 2014/10/03

Dependencies: 34196

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Required KB Items: SMB/Google_Chrome/Installed

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/08/12

Vulnerability Publication Date: 2014/08/12

Reference Information

CVE: CVE-2014-3165, CVE-2014-3166, CVE-2014-3167

BID: 69201, 69202, 69203