Google Chrome < 36.0.1985.143 Multiple Vulnerabilities (Mac OS X)

Medium Nessus Plugin ID 77185


The remote Mac OS X host contains a web browser that is affected by multiple vulnerabilities.


The version of Google Chrome installed on the remote Mac OS X host is a version prior to 36.0.1985.143. It is, therefore, affected by the following vulnerabilities :

- A use-after-free error exists in the Web Sockets implementation in Blink which allows remote attackers to cause a denial of service.

- An information disclosure vulnerability exists due to the Public Key Pinning (PKP) implementation not correctly considering the properties of SPDY connections. This error allows remote attackers to obtain sensitive information by leveraging the use of multiple domain names. (CVE-2014-3166)

- Multiple unspecified vulnerabilities allow attackers to cause a denial of service.


Upgrade to Google Chrome 36.0.1985.143 or later.

See Also

Plugin Details

Severity: Medium

ID: 77185

File Name: macosx_google_chrome_36_0_1985_143.nasl

Version: $Revision: 1.6 $

Type: local

Agent: macosx

Published: 2014/08/13

Modified: 2014/10/03

Dependencies: 70890

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Required KB Items: MacOSX/Google Chrome/Installed

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/08/12

Vulnerability Publication Date: 2014/08/12

Reference Information

CVE: CVE-2014-3165, CVE-2014-3166, CVE-2014-3167

BID: 69201, 69202, 69203