Google Chrome < 25.0.1364.152 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 6706

Synopsis

The remote host contains a web browser that is affected by multiple vulnerabilities.

Description

Versions of Google Chrome earlier than 25.0.1364.152 are potentially affected by the following vulnerabilities :

- Use-after-free errors exist related to the frame loader, browser navigation handling and SVG animation. (CVE-2013-0902, CVE-2013-0903, CVE-2013-0905)

- Memory corruption errors exist related to 'Web Audio' and 'Indexed DB'. (CVE-2013-0904, CVE-2013-0906)

- A race condition exists related to media thread handling. (CVE-2013-0907)

- An unspecified error exists related to extension process bindings. (CVE-2013-0908)

- The 'XSS Auditor' could leak referrer information. (CVE-2013-0909)

- An unspecified error exists related to loading strictness and 'Mediate renderer -> browser plug-in'. (CVE-2013-0910)

- A path traversal error exists related to database handling. (CVE-2013-0911)

Solution

Upgrade to Google Chrome 25.0.1364.152 or later.

See Also

http://www.nessus.org/u?871cfa58

Plugin Details

Severity: High

ID: 6706

Family: Web Clients

Published: 3/6/2013

Updated: 3/6/2019

Nessus ID: 65029

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 3/4/2013

Vulnerability Publication Date: 3/4/2013

Reference Information

CVE: CVE-2013-0902

BID: 58291