Google Chrome < 27.0.1453.93 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 6835

Synopsis

The remote host contains a web browser that is affected by multiple vulnerabilities

Description

Versions of Google Chrome prior to 27.0.1453.93 are affected by the following vulnerabilities :

- Use-after-free errors exist in SVG, media loader, Pepper resource handling, widget handling, speech handling, style resolution, media loader, and related to race condition with workers. (CVE-2013-2837, CVE-2013-2840, CVE-2013-2841, CVE-2013-2842, CVE-2013-2843, CVE-2013-2844, CVE-2013-2846, CVE-2013-2847)

- An out-of-bounds read error exists in v8. (CVE-2013-2838)

- A memory corruption vulnerability exists related to a bad casting in clipboard handling. (CVE-2013-2839)

- A memory safety issue exists related to Web Audio. (CVE-2013-2845)

- An information disclosure vulnerability exists related to XSS Auditor. (CVE-2013-2848)

- A cross-site scripting vulnerability exists related to drag and drop or copy and paste. (CVE-2013-2849)

Solution

Upgrade to Google Chrome 27.0.1453.93 or later.

See Also

http://www.nessus.org/u?ef8d3a90

Plugin Details

Severity: High

ID: 6835

Family: Web Clients

Published: 5/23/2013

Updated: 3/6/2019

Nessus ID: 66676

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 5/21/2013

Vulnerability Publication Date: 5/21/2013

Reference Information

CVE: CVE-2013-2836

BID: 60062