Google Chrome < 38.0.2125.104 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 8551

Synopsis

The remote host has a web browser installed that is unpatched for multiple vulnerabilities.

Description

In addition to missing the security updates to Google V8 Javascript engine, versions of Google Chrome prior to 38.0.2125.104 are vulnerable to the following issues:

- A flaw exists in V8 and IPC that can lead to remote code execution. (CVE-2014-3188)

- Out-of-bounds read errors exist in PDFium. (CVE-2014-3189, CVE-2014-3198)

- Use-after-free errors exist in Events, Rendering, DOM, and Web Workers. (CVE-2014-3190, CVE-2014-3191, CVE-2014-3192, CVE-2014-3194)

- A type confusion error exists in Session Management. (CVE-2014-3193)

- Information leak vulnerabilities exist in the V8 JavaScript engine and the XSS Auditor. (CVE-2014-3195, CVE-2014-3197)

- A security bypass vulnerability exists in the Windows Sandbox. (CVE-2014-3196)

- An error exists related to assertion of bindings in the V8 JavaScript engine. (CVE-2014-3199)

- Multiple unspecified vulnerabilities exist. (CVE-2014-3200)

Note that while version 38.0.2125.101 contains fixes for these issues, it does not include security updates for the built-in Adobe Flash engine, which is released with version 38.0.2125.104.

Solution

Update the Chrome browser to 38.0.2125.104, or later. (Version 38.0.2125.101 fixes all of these vulnerabilities but does not include updates to the built-in Flash engine.)

Plugin Details

Severity: High

ID: 8551

Family: Web Clients

Published: 10/15/2014

Updated: 3/6/2019

Nessus ID: 78081

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 10/14/2014

Vulnerability Publication Date: 10/7/2014

Reference Information

CVE: CVE-2014-3188

BID: 70262

Detections

Analytics