Google Chrome < 23.0.1271.64 Multiple Vulnerabilities
PVS ID: 6616 FAMILY: Web Clients RISK: HIGH NESSUS ID:62861
Description: Synopsis :\n\nThe remote host contains a web browser that is affected by multiple vulnerabilities.\n\nFor your information, the observed version of Google Chrome is :\n %L \n\nVersions of Google Chrome earlier than 23.0.1271.64 are potentially affected by the following vulnerabilities :\n\n - Use-after-free errors exist related to SVG filter handling, video layout, extension tab handling and plug-in placeholder handling. (CVE-2012-5116, CVE-2012-5121, CVE-2012-5125, CVE-2012-5126)\n\n - An error exists related to inappropriate SVG subresource loading in the 'img' context. (CVE-2012-5117)\n\n - A race condition exists related to 'Pepper' buffer handling. (CVE-2012-5119)\n\n - A bad cast error exists related to input handling. (CVE-2012-5122)\n\n - Out-of-bounds reads exist related to Skia. (CVE-2012-5123)\n\n - A memory corruption error exists related to texture handling. (CVE-2012-5124)\n\n - An integer overflow error exists related to 'WebP' handling. This error can lead to out-of-bounds reads. (CVE-2012-5127)\n\n - An improper write error exists related to the 'v8' JavaScript engine. (CVE-2012-5128)\n\nSuccessful exploitation of any of these issues could lead to an application crash or even allow arbitrary code execution, subject to the user's privileges.\n

Solution: Upgrade to Google Chrome 23.0.1271.64 or later.


Copyright Tenable Network Security Inc. 2012