
Google Chrome < 38.0.2125.104 Multiple Vulnerabilities

High

Synopsis

The remote host has a web browser installed that is unpatched for multiple vulnerabilities.

Description

In addition to missing the security updates to the Google V8 JavaScript engine, versions of Google Chrome prior to 38.0.2125.104 are vulnerable to the following issues:

- A flaw exists in V8 and IPC that can lead to remote code execution. (CVE-2014-3188)

- Out-of-bounds read errors exist in PDFium. (CVE-2014-3189, CVE-2014-3198)

- Use-after-free errors exist in Events, Rendering, DOM, and Web Workers. (CVE-2014-3190, CVE-2014-3191, CVE-2014-3192, CVE-2014-3194)

- A type confusion error exists in Session Management. (CVE-2014-3193)

- Information leak vulnerabilities exist in the V8 JavaScript engine and the XSS Auditor. (CVE-2014-3195, CVE-2014-3197)

- A security bypass vulnerability exists in the Windows Sandbox. (CVE-2014-3196)

- An error exists related to assertion of bindings in the V8 JavaScript engine. (CVE-2014-3199)

- Multiple unspecified vulnerabilities exist. (CVE-2014-3200)

Note that while version 38.0.2125.101 contains fixes for these issues, it does not include the security updates for the built-in Adobe Flash engine, which are released with version 38.0.2125.104.

Solution

Update the Chrome browser to version 38.0.2125.104 or later. (Version 38.0.2125.101 fixes all of these vulnerabilities but does not include updates to the built-in Flash engine.)
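The two version thresholds above can be checked across a software inventory with a numeric, per-component comparison. The following is an added example, not code from this advisory or from the scanner that produced it; the host names, function names and status labels are assumptions, and treating builds between .101 and .104 the same as .101 is also an assumption.

```python
import re

# Thresholds taken from the advisory text.
FIXED_CVES = (38, 0, 2125, 101)  # contains fixes for the listed CVEs
FIXED_ALL = (38, 0, 2125, 104)   # also ships the built-in Flash updates

_VERSION_RE = re.compile(r"\d+(?:\.\d+){3}")


def parse_version(text):
    """Parse a four-part Chrome version string into a tuple of ints."""
    text = text.strip()
    if not _VERSION_RE.fullmatch(text):
        raise ValueError(f"not a four-part Chrome version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def classify(version_text):
    """Return a status label (hypothetical names) for one installed version."""
    version = parse_version(version_text)
    if version >= FIXED_ALL:
        return "patched"
    if version >= FIXED_CVES:
        # Assumption: builds from .101 up to (not including) .104 behave like .101.
        return "flash-updates-missing"
    return "vulnerable"


def audit(inventory):
    """Map each host to a status; unparsable versions are reported, not skipped."""
    report = {}
    for host, version_text in inventory:
        try:
            report[host] = classify(version_text)
        except ValueError:
            report[host] = "unknown"
    return report


# Constructed sample inventory (not real hosts).
SAMPLE_INVENTORY = [
    ("ws-01", "37.0.2062.124"),
    ("ws-02", "38.0.2125.99"),   # a string compare would rank "99" above "104"
    ("ws-03", "38.0.2125.101"),
    ("ws-04", "38.0.2125.104"),
    ("ws-05", "39.0.2171.65"),
    ("ws-06", "not installed"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need manual follow-up, since an unparsable version string says nothing about patch state.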