Google Chrome < 41.0.2272.118 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 8706

Synopsis

The remote host contains a web browser that is vulnerable to multiple attack vectors.

Description

The version of Google Chrome on the remote host is prior to 41.0.2272.118 and is affected by the following vulnerabilities :

- A remote code execution vulnerability exists due to bugs in the V8, Gamepad, and IPC components. (CVE-2015-1233)

- A buffer overflow vulnerability exists due to a race condition in the GPU component. (CVE-2015-1234)

Solution

Upgrade to Google Chrome 41.0.2272.118 or later.

See Also

http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html

Plugin Details

Severity: High

ID: 8706

Family: Web Clients

Published: 2015/04/24

Modified: 2018/09/16

Dependencies: 4645

Nessus ID: 82534

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 8.1

Temporal Score: 7.7

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 2015/04/01

Vulnerability Publication Date: 2015/04/01

Reference Information

CVE: CVE-2015-1233, CVE-2015-1234

BID: 73484, 73486