Google Chrome < 6.0.472.53 Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 5654
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote host contains a web browser that is vulnerable to multiple attack vectors.

Description

Versions of Google Chrome earlier than 6.0.472.53 are potentially affected by multiple vulnerabilities :

- It is possible to bypass the pop-up blocker with a blank frame target. (Bug 34414)

- It is possible to visually spoof the URL bar with homographic sequences. (Bug 37201)

- Restrictions on setting clipboard content are not strict enough. (Bug 41654)

- A stale pointer exists in SVG filters. (Bug 45659)

- It may be possible to enumerate installed extensions. (Bug 45876)

- An unspecified vulnerability in WebSockets could lead to a browser NULL crash. (Bugs 46750, 51846)

- A use-after-free error exists in the Notifications presenter. (Bug 50386)

- An unspecified memory corruption issue exists in Notification permissions. (Bug 50839)

- Multiple unspecified integer errors exists in WebSockets. (Bugs 51360, 51739)

- A memory corruption issue exists with counter nodes. (Bug 51653)

- Chrome may store an excessive amount of autocomplete entries. (Bug 51727)

- A stale pointer exists in focus handling. (Bug 52433)

- A Sandbox parameter deserialization error exists. (Bug 52682)

- An unspecified cross-origin image theft issue exists. (Bug 53001)

Solution

Upgrade to Google Chrome 6.0.472.53 or later.

See Also

http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html

Plugin Details

Severity: Medium

ID: 5654

Family: Web Clients

Published: 9/2/2010

Updated: 3/6/2019

Nessus ID: 49089

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Patch Publication Date: 9/2/2010

Vulnerability Publication Date: 9/2/2010

Reference Information

CVE: CVE-2010-3246, CVE-2010-3247, CVE-2010-3248, CVE-2010-3249, CVE-2010-3250, CVE-2010-3251, CVE-2010-3252, CVE-2010-3253, CVE-2010-3254, CVE-2010-3255, CVE-2010-3256, CVE-2010-3257, CVE-2010-3258, CVE-2010-3259

BID: 42952