Google Chrome < 37.0.2062.94 Multiple Vulnerabilities

Critical Nessus Network Monitor Plugin ID 8359

Synopsis

The remote host is running an outdated web browser that may contain multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote host is a version prior to 37.0.2062.94 and is thus missing fixes for the following vulnerabilities:

- A critical group of bugs in V8, IPC, sync, and extensions that can lead to a sandbox escape and remote code execution (CVE-2014-3176, CVE-2014-3177)

- Use-after-free vulnerabilities in various browser components (CVE-2014-3168, CVE-2014-3169, CVE-2014-3171)

- Potential information disclosure due to uninitialized memory access (CVE-2014-3173, CVE-2014-3174)

- Undisclosed vulnerabilities within browser extensions related to debugging and permission dialog spoofing (CVE-2014-3170, CVE-2014-3172)

Other vulnerabilities have been fixed that were not disclosed by the vendor.

Solution

Update the Chrome browser to 37.0.2062.94 or later.

See Also

http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html

Plugin Details

Severity: Critical

ID: 8359

Family: Web Clients

Published: 2014/08/26

Modified: 2016/01/19

Dependencies: 4645

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSSv3

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 2014/08/26

Vulnerability Publication Date: 2014/08/26

Reference Information

CVE: CVE-2014-3168, CVE-2014-3169, CVE-2014-3170, CVE-2014-3171, CVE-2014-3172, CVE-2014-3173, CVE-2014-3174, CVE-2014-3175, CVE-2014-3176, CVE-2014-3177

BID: 69398