Google Chrome < 40.0.2214.91 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 8889

Synopsis

The remote host is utilizing a web browser that is outdated and thus unpatched for multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote host is prior to 40.0.2214.91 and is thus missing fixes for the following vulnerabilities:

- A memory corruption vulnerability exists due to an error in Fonts. (CVE-2014-7938)
- Multiple memory corruption vulnerabilities exist due to an error in ICU. (CVE-2014-7923, CVE-2014-7926)
- Multiple memory corruption vulnerabilities exist due to an error in V8. (CVE-2014-7927, CVE-2014-7928, CVE-2014-7931)
- A same-origin policy bypass vulnerability exists due to an error in V8. (CVE-2014-7939)
- A security vulnerability occurs due to an uninitialized value in Fonts. (CVE-2014-7942)
- A security vulnerability occurs due to an uninitialized value in ICU. (CVE-2014-7940)
- A security bypass vulnerability occurs due to a caching error in AppCache. (CVE-2014-7948)
- Multiple use-after-free vulnerabilities exist due to an error in DOM. (CVE-2014-7929, CVE-2014-7930, CVE-2014-7932, CVE-2014-7934)
- Multiple use-after-free vulnerabilities exist due to an error in FFmpeg. (CVE-2014-7933, CVE-2014-7937)
- A use-after-free vulnerability exists due to an error in IndexedDB. (CVE-2014-7924)
- A use-after-free vulnerability exists due to an error in Speech. (CVE-2014-7935)
- A use-after-free vulnerability exists due to an error in Views. (CVE-2014-7936)
- A use-after-free vulnerability exists due to an error in WebAudio. (CVE-2014-7925)
- Multiple out-of-bounds read vulnerabilities exist due to an error in PDFium. (CVE-2014-7944, CVE-2014-7945)
- An out-of-bounds read vulnerability exists due to an error in Fonts. (CVE-2014-7946)
- An out-of-bounds read vulnerability exists due to an error in PDFium. (CVE-2014-7947)
- An out-of-bounds read vulnerability exists due to an error in Skia. (CVE-2014-7943)
- An out-of-bounds read vulnerability exists due to an error in UI. (CVE-2014-7941)
- A flaw exists in the ScopedClipboard destructor in 'remoting/host/clipboard_win.cc' that is triggered because the CloseClipboard() API is not called with an anonymous access token. This may allow a context-dependent attacker to bypass sandbox restrictions via an impersonation of the access token used by a system process. (CVE-2015-1205)
- Multiple unspecified vulnerabilities affecting Google V8 allow remote attackers to cause a denial of service or other unknown impacts. (CVE-2015-1346)
- Multiple off-by-one errors exist in 'fpdfapi/fpdf_font/font_int.h' in PDFium. These could allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted PDF document, related to an "intra-object-overflow" issue. (CVE-2015-1359)
- A flaw in Skia due to improperly handling data during text drawing could allow a remote attacker to cause a denial of service or other unspecified impact. This affects 'gpu/GrBitmapTextContext.cpp' and 'gpu/GrDistanceFieldTextContext.cpp'. (CVE-2015-1360)

Solution

Update the Chrome browser to 40.0.2214.91 or later.

See Also

http://googlechromereleases.blogspot.com/2015/01/stable-update.html

Plugin Details

Severity: High

ID: 8889

Family: Web Clients

Published: 2015/02/11

Modified: 2015/10/02

Dependencies: 4645

Nessus ID: 80951, 80950

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 8.1

Temporal Score: 7.7

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 2015/01/22

Vulnerability Publication Date: 2015/01/22

Reference Information

CVE: CVE-2014-7923, CVE-2014-7924, CVE-2014-7925, CVE-2014-7926, CVE-2014-7927, CVE-2014-7928, CVE-2014-7929, CVE-2014-7930, CVE-2014-7931, CVE-2014-7932, CVE-2014-7933, CVE-2014-7934, CVE-2014-7935, CVE-2014-7936, CVE-2014-7937, CVE-2014-7938, CVE-2014-7939, CVE-2014-7940, CVE-2014-7941, CVE-2014-7942, CVE-2014-7943, CVE-2014-7944, CVE-2014-7945, CVE-2014-7946, CVE-2014-7947, CVE-2014-7948, CVE-2015-1205, CVE-2015-1346, CVE-2015-1359, CVE-2015-1360

BID: 72288, 72858, 73076, 73077

IAVB: 2015-B-0038