Google Chrome < 13.0.782.215 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 6016

Synopsis

The remote host contains a web browser that is affected by a code execution vulnerability.

Description

Versions of Google Chrome earlier than 13.0.782.215 are potentially affected by multiple vulnerabilities :

- An unspecified error related to command line URL parsing. (Issue #72892)
- Use-after-free errors related to line box handling, counter nodes, custom fonts, and text searching. (Issue #82552, #88216, #88670, #90668)
- A double-free error related to libxml XPath handling. (Issue #89402)
- An error related to empty origins exists that can allow cross-domain violation. (Issue #87453)
- A memory corruption error exists related to vertex handling. (Issue #89836)
- An out-of-bounds write error exists in the v8 JavaScript engine. (Issue #91517)
- An integer overrun error exists in the handling of uniform arrays. (Issue #91598)
- An unspecified issue exists in memset() in PDF.

Solution

Upgrade to Google Chrome 13.0.782.215 or later.

See Also

http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html

Plugin Details

Severity: High

ID: 6016

Family: Web Clients

Published: 2011/08/23

Modified: 2016/12/06

Dependencies: 1735, 8314

Nessus ID: 55959

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 2011/08/22

Vulnerability Publication Date: 2011/08/22

Reference Information

CVE: CVE-2011-2806, CVE-2011-2821, CVE-2011-2822, CVE-2011-2823, CVE-2011-2824, CVE-2011-2825, CVE-2011-2826, CVE-2011-2827, CVE-2011-2828, CVE-2011-2829, CVE-2011-2839

BID: 49279