Google Chrome < 0.2.149.29 Multiple Vulnerabilities

high Log Correlation Engine Plugin ID 800912

Synopsis

The remote host contains a web browser that is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote host is earlier than 0.2.149.29. Such versions are reportedly are affected by several issues :

- A buffer overflow involving long filenames that display in the 'Save As...' dialog could lead to arbitrary code execution (Issue number 1414).
- A buffer overflow in handling of link targets displayed in the status area when a user hovers over a link could lead to arbitrary code execution (Fix number 1797).
- An out-of-bounds memory read when parsing URLs ending in ': %' could cause the application itself to crash (Issue number 122).
- The default Downloads directory is set to Desktop, which could lead to malicious cluttering of the desktop with unwanted downloads and even execution of arbitrary programs (Fix number 17933).

Solution

Upgrade to version 0.2.149.29 or higher.

See Also

code.google.com/p/chromium/issues/detail?id=122

code.google.com/p/chromium/issues/detail?id=1414

googlechromereleases.blogspot.com/2008/09/beta-release-0214929.html

Plugin Details

Severity: High

ID: 800912

Family: Web Clients

Nessus ID: 34197

Reference Information

CVE: CVE-2008-6994, CVE-2008-6995, CVE-2008-6997, CVE-2008-6998

BID: 30983, 31029, 31038, 31071