Google Chrome < 34.0.1847.116 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 8208

Synopsis

The remote host is running an outdated web browser that contains multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote host is a version prior to 34.0.1847.116, and is thus affected by the following vulnerabilities :

- A use-after-free error exists in the included Flash version that could lead to arbitrary code execution. (CVE-2014-0506)
- A buffer overflow error exists in the included Flash version that could lead to arbitrary code execution. (CVE-2014-0507)
- An unspecified error exists in the included Flash version that could allow a security bypass leading to information disclosure. (CVE-2014-0508)
- A flaw exists related to IPC message injection. Combined with another vulnerability that allows compromising a renderer, a context-dependent attacker can bypass sandbox restrictions. (2014-1709)
- An unspecified error exists in the included Flash version that could allow cross-site scripting attacks. (CVE-2014-0509)
- An input-validation error exists that could allow universal cross-site scripting (UXSS) attacks. (CVE-2014-1716)
- An unspecified out-of-bounds access error exists related to the V8 JavaScript engine. (CVE-2014-1717)
- An integer overflow error exists related to the compositor. (CVE-2014-1718)
- Use-after-free errors exist related to web workers, DOM processing, rendering, speech handling and forms handling. (CVE-2014-1719, CVE-2014-1720, CVE-2014-1722, CVE-2014-1724, CVE-2014-1727)
- An unspecified memory corruption error exists related to the V8 JavaScript engine. (CVE-2014-1721)
- An URL confusion error exists related to handling RTL characters. (CVE-2014-1723)
- An out-of-bounds read error exists related to handling 'window property' processing. (CVE-2014-1725)
- An unspecified error exists that could allow local cross-origin bypasses. (CVE-2014-1726)
- Various, unspecified memory handling errors exist. (CVE-2014-1728)
- Various, unspecified errors exist related to the V8 JavaScript engine. (CVE-2014-1729)

Solution

Updates are available. Linux users should upgrade to 34.0.1847.116 or later.

See Also

http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html

http://helpx.adobe.com/flash-player/release-note/fp_13_air_13_release_notes.html

Plugin Details

Severity: High

ID: 8208

Family: Web Clients

Published: 2014/04/10

Updated: 2019/03/06

Dependencies: 4645

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSS v3.0

Base Score: 8.1

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 2014/04/08

Vulnerability Publication Date: 2014/04/08

Reference Information

CVE: CVE-2014-0506, CVE-2014-0507, CVE-2014-0508, CVE-2014-0509, CVE-2014-1709, CVE-2014-1716, CVE-2014-1717, CVE-2014-1718, CVE-2014-1719, CVE-2014-1720, CVE-2014-1721, CVE-2014-1722, CVE-2014-1723, CVE-2014-1724, CVE-2014-1725, CVE-2014-1726, CVE-2014-1727, CVE-2014-1728, CVE-2014-1729

BID: 66704