Detections
Analytics

Google Chrome < 0.2.149.29 Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 4681

Synopsis

The remote host contains a web browser that is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote host is earlier than 0.2.149.29. Such versions are reportedly are affected by several issues :

- A buffer overflow involving long filenames that display in the 'Save As...' dialog could lead to arbitrary code execution (Issue number 1414).
 - A buffer overflow in handling of link targets displayed in the status area when a user hovers over a link could lead to arbitrary code execution (Fix number 1797).
 - An out-of-bounds memory read when parsing URLs ending in ': %' could cause the application itself to crash (Issue number 122).
 - The default Downloads directory is set to Desktop, which could lead to malicious cluttering of the desktop with unwanted downloads and even execution of arbitrary programs (Fix number 17933).

Solution

Upgrade to version 0.2.149.29 or higher.

See Also

http://code.google.com/p/chromium/issues/detail?id=122,http://code.google.com/p/chromium/issues/detail?id=1414,http://googlechromereleases.blogspot.com/2008/09/beta-release-0214929.html

Plugin Details

Severity: Medium

ID: 4681

Family: Web Clients

Published: 9/16/2008

Updated: 3/6/2019

Nessus ID: 34197

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:google:chrome

Reference Information

CVE: CVE-2008-6994

BID: 30983