Google Chrome < 15.0.874.102 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 6050

Synopsis

The remote host contains a web browser that is vulnerable to multiple attack vectors.

Description

Versions of Google Chrome earlier than 15.0.874.102 are affected by multiple vulnerabilities :

- Several URL bar spoofing errors exist related to history handling and drag-and-drop of URLs. (CVE-2011-28245, CVE-2011-3875)

- Whitespace is stripped from the end of download filenames. (CVE-2011-3876)

- A cross-site scripting issue exists related to the appcache internals page. (CVE-2011-3877)

- A race condition exists related to working process initialization. (CVE-2011-3878)

- An error exists related to redirection to chrome scheme URIs. (CVE-2011-3879)

- Unspecified special characters may be used as delimiters in HTTP headers. (CVE-2011-3880)

- Several cross-origin policy violation issues exist. (CVE-2011-3881)

- Several use-after-free errors exist related to media buffer handling, counter handling, stale styles, plugins and editing, and video source handling. (CVE-2011-3882, CVE-2011-3883, CVE-2011-3885, CVE-2011-3888, CVE-2011-3890)

- Timing issues exist related to DOM traversal. (CVE-2011-3884)

- An out-of-bounds write error exists in the V8 JavaScript engine. (CVE-2011-3886)

- Cookie theft is possible via JavaScript URIs. (CVE-2011-3887)

- A heap overflow issue exists related to Web Audio. (CVE-2011-3889)

- Functions internal to the V8 JavaScript engine are exposed. (CVE-2011-3891)

Solution

Upgrade to Google Chrome 15.0.874.102 or later.

See Also

http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html

Plugin Details

Severity: High

ID: 6050

File Name: 6050.prm

Family: Web Clients

Published: 2011/10/26

Modified: 2016/12/06

Dependencies: 1735, 8314

Nessus ID: 56650

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 2011/10/25

Vulnerability Publication Date: 2011/10/25

Reference Information

CVE: CVE-2011-2845, CVE-2011-3875, CVE-2011-3876, CVE-2011-3877, CVE-2011-3878, CVE-2011-3879, CVE-2011-3880, CVE-2011-3882, CVE-2011-3883, CVE-2011-3884, CVE-2011-3885, CVE-2011-3886, CVE-2011-3887, CVE-2011-3888, CVE-2011-3889, CVE-2011-3890, CVE-2011-3891

BID: 50360

OSVDB: 76545, 76546, 76547, 76548, 76549, 76550, 76551, 76552, 76553, 76554, 76555, 76556, 76557, 76558, 76559, 76560, 76561, 76562