Google Chrome < 14.0.835.202 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 6032

Synopsis

The remote host contains a web browser that is vulnerable to multiple attack vectors.

Description

Versions of Google Chrome earlier than 14.0.835.202 are affected by multiple vulnerabilities :

- A use-after-free issue exists in text line box handling. (Issue 93788)

- A stale font issue exists in SVG text handling. (Issue 95072)

- An inappropriate cross-origin access to the window prototype exists. (Issue 95671)

- Lifetime and threading issues exist in audio node handling. (Issue 96150)

- A use-after-free issue exists in the v8 bindings. (Issues 97451, 97520, 97615)

- A memory corruption issue exists in v8 hidden objects. (Issue 97784)

- A memory corruption issue exists in the shader translator. (Issue 98089)

Solution

Upgrade to Google Chrome 14.0.835.202 or later.

See Also

http://googlechromereleases.blogspot.com/2011/10/stable-channel-update.html

Plugin Details

Severity: High

ID: 6032

File Name: 6032.prm

Family: Web Clients

Published: 2011/10/04

Modified: 2016/12/06

Dependencies: 1735, 8314

Nessus ID: 56391

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 2011/10/04

Vulnerability Publication Date: 2011/10/04

Reference Information

CVE: CVE-2011-2876, CVE-2011-2877, CVE-2011-2878, CVE-2011-2879, CVE-2011-2880, CVE-2011-2881, CVE-2011-3873

BID: 49938