Google Chrome < 38.0.2125.104 Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 8551
SynopsisThe remote host has a web browser installed that is unpatched for multiple vulnerabilities.
- A flaw exists in V8 and IPC that can lead to remote code execution. (CVE-2014-3188)
- Out-of-bounds read errors exist in PDFium. (CVE-2014-3189, CVE-2014-3198)
- Use-after-free errors exist in Events, Rendering, DOM, and Web Workers. (CVE-2014-3190, CVE-2014-3191, CVE-2014-3192, CVE-2014-3194)
- A type confusion error exists in Session Management. (CVE-2014-3193)
- A security bypass vulnerability exists in the Windows Sandbox. (CVE-2014-3196)
- Multiple unspecified vulnerabilities exist. (CVE-2014-3200)
Note that while version 38.0.2125.101 contains fixes for these issues, it does not include security updates for the built-in Adobe Flash engine, which is released with version 38.0.2125.104.
SolutionUpdate the Chrome browser to 38.0.2125.104, or later. (Version 38.0.2125.101 fixes all of these vulnerabilities but does not include updates to the built-in Flash engine.)