Detections
Analytics
Google Chrome < 2.0.172.43 Multiple Vulnerabilities
high Nessus Plugin ID 40778
Language:
Synopsis
The remote host contains a web browser that is affected by multiple vulnerabilities.Description
The version of Google Chrome installed on the remote host is earlier than 2.0.172.43. Such versions are reportedly affected by multiple issues :- A flaw in the V8 JavaScript engine might allow a specially crafted JavaScript page to access unauthorized data in memory or to execute arbitrary code within the Google Chrome sandbox. (CVE-2009-2935)
- The browser can connect to SSL-enabled sites whose certificates use weak hash algorithms, such as MD2 and MD4. An attacker may be able exploit this issue to forge certificates and spoof an invalid website as a valid HTTPS site. (Issue #18725)
- A stack consumption vulnerability in libxml2 library could be exploited to crash the Google Chrome tab process or execute arbitrary code with in Google Chrome sandbox.
(CVE-2009-2414)
- Multiple use-after-free vulnerabilities in libxml2 library could be exploited to crash the Google Chrome tab process or execute arbitrary code with in Google Chrome sandbox. (CVE-2009-2416)
Solution
Upgrade to Google Chrome 2.0.172.43 or later.See Also
https://bugs.chromium.org/p/chromium/issues/detail?id=18639
Plugin Details
Severity: High
ID: 40778
File Name: google_chrome_2_0_172_43.nasl
Version: 1.20
Type: local
Agent: windows
Family: Windows
Published: 8/26/2009
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 6.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:google:chrome
Required KB Items: SMB/Google_Chrome/Installed
Exploit Ease: No known exploits are available
Patch Publication Date: 8/25/2009
Vulnerability Publication Date: 8/25/2009