Google Chrome < 9.0.597.107 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 5807

Synopsis

The remote host contains a web browser that is vulnerable to multiple attack vectors.

Description

Versions of Google Chrome earlier than 9.0.597.107 are potentially affected by multiple vulnerabilities :

- An unspecified error exists in the URL bar operations which can allow spoofing attacks. (54262)

- An unspecified error exists in the processing of JavaScript dialogs. (63732)

- An unspecified error exists in the processing of CSS nodes which can leave stale pointers in memory. (68263)

- An unspecified error exists in the processing of key frame rules which can leave stale pointers in memory. (68741)

- An unspecified error exists in the processing of form controls which can lead to application crashes. (70078)

- An unspecified error exists in the rendering of SVG animations and other SVG content which can leave stale pointers in memory. (70244, 71296)

- An unspecified error exists in the processing of tables which can leave stale nodes behind. (71114)

- An unspecified error exists in the processing of tables which can leave stale pointers in memory. (71115)

- An unspecified error exists in the processing of XHTML which can leave stale nodes behind. (71386)

- An unspecified error exists in the processing of textarea elements which can lead to application crashes. (71388)

- An unspecified error exists in the processing of device orientation which can leave stale pointers in memory. (71595)

- An unspecified error exists in WebGL which allows out-of-bounds memory accesses. (71717, 71960)

- An integer overflow exists in the processing of textarea elements which can lead to application crashes. (71855)

- A use-after-free error exists in the processing of blocked plugins. (72437)

- An unspecified error exists int he processing of layouts which can leave stale pointers in memory. (73235)

Solution

Upgrade to Google Chrome 9.0.597.107 or later.

See Also

http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html

Plugin Details

Severity: High

ID: 5807

File Name: 5807.prm

Family: Web Clients

Published: 2011/03/07

Modified: 2016/12/06

Dependencies: 1735, 8314

Nessus ID: 52501

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 2011/02/28

Vulnerability Publication Date: 2011/02/28

Reference Information

CVE: CVE-2011-1107, CVE-2011-1108, CVE-2011-1109, CVE-2011-1110, CVE-2011-1111, CVE-2011-1113, CVE-2011-1112, CVE-2011-1114, CVE-2011-1115, CVE-2011-1116, CVE-2011-1117, CVE-2011-1118, CVE-2011-1119, CVE-2011-1120, CVE-2011-1121, CVE-2011-1122, CVE-2011-1123, CVE-2011-1124, CVE-2011-1125

BID: 46614, 47020