Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Google Chrome < 35.0.1916.114 Multiple Vulnerabilities

High

Synopsis

The remote host is running an outdated web browser that contains multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote host is a version prior to 35.0.1916.114 and is thus missing fixes for multiple vulnerabilities, some of which include:

- Use-after-free vulnerabilities in styles and SVG that may be leveraged by a context-dependent attacker to dereference freed memory and execute arbitrary code (CVE-2014-1743, CVE-2014-1746)

- Integer overflow vulnerability due to improper audio file validation, which may be leveraged by an attacker to cause a buffer overflow resulting in arbitrary code execution (CVE-2014-1744)

- An out-of-bounds read issue when handling media filters, which can be leveraged to cause a crash and/or potentially disclose memory contents (CVE-2014-1746)

- A universal cross-site scripting attack due to insufficient validation when handling local MHTML files (CVE-2014-1747)

- A UI spoofing flaw which can be leveraged by a context-dependent attacker to paint a scroll corner larger than the iframe it is attached to, potentially allowing for clickjacking attacks (CVE-2014-1748)

- An update to Google V8 engine, which in version 3.25.28.16 fixes an integer underflow vulnerability that could otherwise be leveraged for arbitrary code execution (CVE-2014-3152)

- A vulnerability in Blink's 'SpeechInput' speech recongition feature, which may be exploited for information disclosure in conjunction with clickjacking; the feature has since been disabled (CVE-2014-3803)

- Other miscellaneous vulnerabilities undisclosed by the vendor (CVE-2014-1749)

Solution

Update the Chrome browser to 35.0.1916.114 or later.