
Google Chrome < 40.0.2214.91 Multiple Vulnerabilities

High

Synopsis

The remote host is utilizing a web browser that is outdated and thus unpatched for multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote host is a version prior to 40.0.2214.91 and is thus missing fixes for the following vulnerabilities:

- A memory corruption vulnerability exists due to an error in Fonts. (CVE-2014-7938)
- Multiple memory corruption vulnerabilities exist due to an error in ICU. (CVE-2014-7923, CVE-2014-7926)
- Multiple memory corruption vulnerabilities exist due to an error in V8. (CVE-2014-7927, CVE-2014-7928, CVE-2014-7931)
- A same-origin policy bypass vulnerability exists due to an error in V8. (CVE-2014-7939)
- A security vulnerability occurs due to an uninitialized value in Fonts. (CVE-2014-7942)
- A security vulnerability occurs due to an uninitialized value in ICU. (CVE-2014-7940)
- A security bypass vulnerability occurs due to a caching error in AppCache. (CVE-2014-7948)
- Multiple use-after-free vulnerabilities exist due to an error in DOM. (CVE-2014-7929, CVE-2014-7930, CVE-2014-7932, CVE-2014-7934)
- Multiple use-after-free vulnerabilities exist due to an error in FFmpeg. (CVE-2014-7933, CVE-2014-7937)
- A use-after-free vulnerability exists due to an error in IndexedDB. (CVE-2014-7924)
- A use-after-free vulnerability exists due to an error in Speech. (CVE-2014-7935)
- A use-after-free vulnerability exists due to an error in Views. (CVE-2014-7936)
- A use-after-free vulnerability exists due to an error in WebAudio. (CVE-2014-7925)
- Multiple out-of-bounds read vulnerabilities exist due to an error in PDFium. (CVE-2014-7944, CVE-2014-7945)
- An out-of-bounds read vulnerability exists due to an error in Fonts. (CVE-2014-7946)
- An out-of-bounds read vulnerability exists due to an error in PDFium. (CVE-2014-7947)
- An out-of-bounds read vulnerability exists due to an error in Skia. (CVE-2014-7943)
- An out-of-bounds read vulnerability exists due to an error in UI. (CVE-2014-7941)
- A flaw in the ScopedClipboard destructor in 'remoting/host/clipboard_win.cc' that is triggered as the CloseClipboard() API is not called with an anonymous access token. This may allow a context-dependent attacker to bypass sandbox restrictions via an impersonation of the access token used by a system process. (CVE-2015-1205)
- Multiple unspecified vulnerabilities affecting Google V8 allow remote attackers to cause a denial of service or other unknown impacts. (CVE-2015-1346)
- Multiple off-by-one errors in 'fpdfapi/fpdf_font/font_int.h' in PDFium. This could allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted PDF document, related to an "intra-object-overflow" issue. (CVE-2015-1359)
- A flaw in Skia due to improperly handling data during text drawing could allow a remote attacker to cause a denial of service or other unspecified impact. This affects 'gpu/GrBitmapTextContext.cpp' and 'gpu/GrDistanceFieldTextContext.cpp'. (CVE-2015-1360)

Solution

Update the Chrome browser to 40.0.2214.91, or later.