Google Chrome OS < 33.0.1750.152 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 8202

Synopsis

The remote mobile host was detected using an outdated version of the Chrome OS.

Description

Chrome OS version 33.0.1750.152 (Platform version: 5116.115.4/5116.115.5) was released with fixes for the following security vulnerabilities :

- Memory corruption in V8 via the builtin ArrayBuffer property access, which can lead to remote code execution (CVE-2014-1705)
- Command injection in Crosh via the try_touch_experiment function, which may allow a context-dependent attacker to run arbitrary commands (CVE-2014-1706)
- Path traversal issue in CrosDisk due to insufficient user input sanitation when mounting a source (CVE-2014-1707)
- Issue with file persistence at boot, relating to a flaw in dump_vpd_log (CVE-2014-1708)
- Memory corruption flaw in the AsyncPixelTransfersCompletedQuery::End() function in the GPU command buffer, which a context-dependent attacker can leverage to run arbitrary code (CVE-2014-1710)
- Out-of-bounds write in the GPU driver, which can be leveraged to execute arbitrary code (CVE-2014-1711)
- Use-after-free error in Blink bindings used in the V8 engine, which can be leveraged to execute arbitrary code (CVE-2014-1713)

Solution

Update Chrome OS to version 33.0.1750.152 or later.

See Also

http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html

http://packetstormsecurity.com/files/125893/Google-Chrome-Blink-locationAttributeSetter-Use-After-Free.html

Plugin Details

Severity: High

ID: 8202

File Name: 8202.prm

Published: 2014/05/01

Modified: 2016/11/23

Dependencies: 6754

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 2014/03/14

Vulnerability Publication Date: 2014/03/14

Reference Information

CVE: CVE-2014-1705, CVE-2014-1706, CVE-2014-1707, CVE-2014-1708, CVE-2014-1710, CVE-2014-1711, CVE-2014-1713

BID: 66239, 66243, 66253, 66263