Google Chrome < 14.0.835.202 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 6032

Synopsis

The remote host contains a web browser that is vulnerable to multiple attack vectors.

Description

Versions of Google Chrome earlier than 14.0.835.202 are affected by multiple vulnerabilities :

- A use-after-free issue exists in text line box handling. (Issue 93788)

- A stale font issue exists in SVG text handling. (Issue 95072)

- An inappropriate cross-origin access to the window prototype exists. (Issue 95671)

- Lifetime and threading issues exist in audio node handling. (Issue 96150)

- A use-after-free issue exists in the v8 bindings. (Issues 97451, 97520, 97615)

- A memory corruption issue exists in v8 hidden objects. (Issue 97784)

- A memory corruption issue exists in the shader translator. (Issue 98089)

Solution

Upgrade to Google Chrome 14.0.835.202 or later.

See Also

http://googlechromereleases.blogspot.com/2011/10/stable-channel-update.html

Plugin Details

Severity: High

ID: 6032

Family: Web Clients

Published: 10/4/2011

Updated: 3/6/2019

Nessus ID: 56391

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 10/4/2011

Vulnerability Publication Date: 10/4/2011

Reference Information

CVE: CVE-2011-2876

BID: 49938