Google Chrome < 18.0.1025.151 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 6403

Synopsis

The remote host contains a web browser that is affected by multiple vulnerabilities.

Description

Versions of Google Chrome earlier than 18.0.1025.151 are potentially affected by the following vulnerabilities :

- An out-of-bounds read issue exists related to 'Skia' clipping. (CVE-2011-3066)

- An error exists related to cross-origin iframe replacement. (CVE-2011-3067)

- Use-after-free errors exist related to 'run-in' handling, line box editing, v8 JavaScript engine bindings, 'HTMLMediaElemet', SVG resource handling, media handling, style command application, and focus handling. (CVE-2011-3068, CVE-2011-3069, CVE-2011-3070, CVE-2011-3071, CVE-2011-3073, CVE-2011-3074, CVE-2011-3075, CVE-2011-3076)

- A cross-origin violation error exists related to pop-up windows. (CVE-2011-3072)

- A read-after-free error exists related to script binding. (CVE-2011-3077)\
- The bundled Adobe Flash Player is vulnerable to several memory corruption issues that can lead to arbitrary code execution. (CVE-2012-0724, CVE-2012-0725)

Solution

Upgrade to Google Chrome 18.0.1025.151 or later.

See Also

http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html,http://www.adobe.com/support/security/bulletins/apsb12-07.html

Plugin Details

Severity: High

ID: 6403

Family: Web Clients

Published: 4/11/2012

Updated: 3/6/2019

Nessus ID: 58644

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 4/5/2012

Vulnerability Publication Date: 4/5/2012

Reference Information

CVE: CVE-2011-3066

BID: 52913