Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Google Chrome < 34.0.1847.137 Multiple Vulnerabilities

High

Synopsis

The remote host is running an outdated web browser that contains multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote host is a version prior to 34.0.1847.137 and is thus missing fixes for the following vulnerabilities:

- Use-after-free error when handling WebSockets, and use-after-free error when calling the 'updateAppearance()' function in FrameSelection, which may be leveraged to access already freed memory and potentially execute arbitrary code. (CVE-2014-1740, CVE-2014-1742)

- An integer overflow condition in the 'deleteData()' and 'replaceData()' functions in CharacterData, which can be leveraged for denial of service or arbitrary code execution in the context of the application. (CVE-2014-1741)

- Various vulnerabilities in the built-in Flash player, which were fixed by updating to version 13.0.0.214.

Solution

Update the Chrome browser to 34.0.1847.137 or later.