Detections
Analytics
Google Chrome < 37.0.2062.94 Multiple Vulnerabilities
critical Nessus Network Monitor Plugin ID 8359
Synopsis
The remote host is running an outdated web browser that may contain multiple vulnerabilities.Description
The version of Google Chrome installed on the remote host is a version prior to 37.0.2062.94 and is thus missing fixes for the following vulnerabilities:- A critical group of bugs in V8, IPC, sync, and extensions that can lead to a sandbox escape and remote code execution (CVE-2014-3176, CVE-2014-3177)
- Use-after-free vulnerabilities in various browser components (CVE-2014-3168, CVE-2014-3169, CVE-2014-3171)
- Potential information disclosure due to uninitialized memory access (CVE-2014-3173, CVE-2014-3174)
- Undisclosed vulnerabilities within browser extensions related to debugging and permission dialog spoofing (CVE-2014-3170, CVE-2014-3172)
Other vulnerabilities have been fixed that were not disclosed by the vendor.
Solution
Update the Chrome browser to 37.0.2062.94 or later.See Also
http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html
Plugin Details
Severity: Critical
ID: 8359
Family: Web Clients
Published: 8/26/2014
Updated: 3/6/2019
Risk Information
VPR
Risk Factor: Medium
Score: 5.8
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:google:chrome
Patch Publication Date: 8/26/2014
Vulnerability Publication Date: 8/26/2014
Reference Information
CVE: CVE-2014-3168
BID: 69398