Google Chrome < 27.0.1453.93 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 6835
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote host contains a web browser that is affected by multiple vulnerabilities

Description

Versions of Google Chrome prior to 27.0.1453.93 are affected by the following vulnerabilities :

- Use-after-free errors exist in SVG, media loader, Pepper resource handling, widget handling, speech handling, style resolution, media loader, and related to race condition with workers. (CVE-2013-2837, CVE-2013-2840, CVE-2013-2841, CVE-2013-2842, CVE-2013-2843, CVE-2013-2844, CVE-2013-2846, CVE-2013-2847)

- An out-of-bounds read error exists in v8. (CVE-2013-2838)

- A memory corruption vulnerability exists related to a bad casting in clipboard handling. (CVE-2013-2839)

- A memory safety issue exists related to Web Audio. (CVE-2013-2845)

- An information disclosure vulnerability exists related to XSS Auditor. (CVE-2013-2848)

- A cross-site scripting vulnerability exists related to drag and drop or copy and paste. (CVE-2013-2849)

Solution

Upgrade to Google Chrome 27.0.1453.93 or later.

See Also

http://www.nessus.org/u?ef8d3a90

Plugin Details

Severity: High

ID: 6835

Family: Web Clients

Published: 5/23/2013

Updated: 3/6/2019

Nessus ID: 66676

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Patch Publication Date: 5/21/2013

Vulnerability Publication Date: 5/21/2013

Reference Information

CVE: CVE-2013-2846, CVE-2013-2837, CVE-2013-2836, CVE-2013-2838, CVE-2013-2839, CVE-2013-2840, CVE-2013-2841, CVE-2013-2842, CVE-2013-2843, CVE-2013-2844, CVE-2013-2845, CVE-2013-2847, CVE-2013-2848, CVE-2013-2849

BID: 60062, 60063, 60064, 60065, 60066, 60067, 60068, 60069, 60070, 60071, 60072, 60073, 60074, 60076