Google Chrome < 26.0.1410.43 Multiple Vulnerabilities

high Nessus Plugin ID 65691

Synopsis

The remote host contains a web browser that is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote host is a version prior to 26.0.1410.43 and is, therefore, affected by the following vulnerabilities :

- Use-after-free errors exist related to 'Web Audio' and the extension bookmarks API. (CVE-2013-0916, CVE-2013-0920)

- An out-of-bounds read error exists related to the URL loader. (CVE-2013-0917)

- An unspecified error exists related to 'drag and drop' actions and the developer tools. (CVE-2013-0918)

- An unspecified error exists related to website process isolation. (CVE-2013-0921)

- An error exists related to HTTP basic authentication and brute-force attacks. (CVE-2013-0922)

- A memory safety issue exists related to the 'USB Apps' API. (CVE-2013-0923)

- A permissions error exists related to extensions API and file permissions. (CVE-2013-0924)

- URLs can be leaked to extensions even if the extension does not have the 'tabs' permission. (CVE-2013-0925)

- An error exists related to 'active tags' and the paste action that has unspecified impact. (CVE-2013-0926)

Solution

Upgrade to Google Chrome 26.0.1410.43 or later.

See Also

http://www.nessus.org/u?f4baa820

Plugin Details

Severity: High

ID: 65691

File Name: google_chrome_26_0_1410_43.nasl

Version: 1.17

Type: local

Agent: windows

Family: Windows

Published: 3/26/2013

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2013-0925

Vulnerability Information

CPE: cpe:/a:google:chrome

Required KB Items: SMB/Google_Chrome/Installed

Exploit Ease: No known exploits are available

Patch Publication Date: 3/26/2013

Vulnerability Publication Date: 3/26/2013

Reference Information

CVE: CVE-2013-0916, CVE-2013-0917, CVE-2013-0918, CVE-2013-0920, CVE-2013-0921, CVE-2013-0922, CVE-2013-0923, CVE-2013-0924, CVE-2013-0925, CVE-2013-0926

BID: 58723, 58724, 58725, 58728, 58729, 58730, 58731, 58732, 58733, 58734