Google Chrome < 26.0.1410.43 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 6724

Synopsis

The remote host contains a web browser that is affected by multiple vulnerabilities

Description

Versions of Google Chrome prior to 26.0.1410.43 are affected by the following vulnerabilities :

 - Use-after-free errors exist related to 'Web Audio' and the extension bookmarks API. (CVE-2013-0916, CVE-2013-0920)

 - An out-of-bounds read error exists related to the URL loader. (CVE-2013-0917)

 - An unspecified error exists related to 'drag and drop' actions and the developer tools. (CVE-2013-0918)

 - An issue occurs due to a user-after-free with pop-ip windows in extensions, that can cause a remote memory-corruption. Note: (Linux Only). (CVE-2013-0919)

 - An unspecified error exists related to website process isolation. (CVE-2013-0921)

 - An error exists related to HTTP basic authentication and brute force attacks. (CVE-2013-0922)

 - A memory safety issue exists related to the 'USB Apps' API. (CVE-2013-0923)

 - A permissions error exists related to extensions API and file permissions. (CVE-2013-0924)

 - URLs can be leaked to extensions even if the extension does not have the 'tabs' permission. (CVE-2013-0925)

 - An error exists related to 'active tags' and the paste action that has unspecified impact. (CVE-2013-0926)

Solution

Upgrade to Google Chrome 26.0.1410.43 or later.

See Also

http://www.nessus.org/u?11700993

Plugin Details

Severity: High

ID: 6724

Family: Web Clients

Published: 2013/03/27

Updated: 2019/03/06

Nessus ID: 65691

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 8.1

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 2013/03/26

Vulnerability Publication Date: 2013/03/26

Reference Information

CVE: CVE-2013-0916

BID: 58712