Detections
Analytics
Google Chrome < 36.0.1985.143 Multiple Vulnerabilities
critical Nessus Network Monitor Plugin ID 8356
Synopsis
The remote host is running an outdated web browser that may contain multiple vulnerabilities.Description
The version of Google Chrome installed on the remote host is a version prior to 36.0.1985.143 and is thus missing fixes for the following vulnerabilities:- A use-after-free in the web socket implementation of Blink, which may be leveraged to execute arbitrary code (CVE_2014-3165)
- A flaw in the Public Key Pinning (PKP) implementation that may be leveraged to disclose sensitive information (CVE-2014-3166)
Other unspecified security flaws exist that have since been patched by this version.
Solution
Update the Chrome browser to 36.0.1985.143 or later.See Also
http://googlechromereleases.blogspot.com/2014/08/stable-channel-update.html
Plugin Details
Severity: Critical
ID: 8356
Family: Web Clients
Published: 7/18/2014
Updated: 3/6/2019
Nessus ID: 77184
Risk Information
VPR
Risk Factor: Medium
Score: 5.5
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:google:chrome
Patch Publication Date: 8/12/2014
Vulnerability Publication Date: 8/12/2014
Reference Information
CVE: CVE-2014-3165
BID: 69201