Google Chrome < 13.0.782.215 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 6016

Synopsis

The remote host contains a web browser that is affected by a code execution vulnerability.

Description

Versions of Google Chrome earlier than 13.0.782.215 are potentially affected by multiple vulnerabilities :

- An unspecified error related to command line URL parsing. (Issue #72892)
- Use-after-free errors related to line box handling, counter nodes, custom fonts, and text searching. (Issue #82552, #88216, #88670, #90668)
- A double-free error related to libxml XPath handling. (Issue #89402)
- An error related to empty origins exists that can allow cross-domain violation. (Issue #87453)
- A memory corruption error exists related to vertex handling. (Issue #89836)
- An out-of-bounds write error exists in the v8 JavaScript engine. (Issue #91517)
- An integer overrun error exists in the handling of uniform arrays. (Issue #91598)
- An unspecified issue exists in memset() in PDF.

Solution

Upgrade to Google Chrome 13.0.782.215 or later.

See Also

http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html

Plugin Details

Severity: High

ID: 6016

Family: Web Clients

Published: 8/23/2011

Updated: 3/6/2019

Nessus ID: 55959

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 8/22/2011

Vulnerability Publication Date: 8/22/2011

Reference Information

CVE: CVE-2011-2806

BID: 49279