Google Chrome < 24.0.1312.52 Multiple Vulnerabilities
PVS ID: 6663 FAMILY: Web Clients RISK: HIGH NESSUS ID: 63468
Description: Synopsis:

The remote host contains a web browser that is affected by multiple vulnerabilities.

For your information, the observed version of Google Chrome is:
 %L

Versions of Google Chrome earlier than 24.0.1312.52 are potentially affected by the following vulnerabilities:

 - Use-after-free errors exist related to SVG layout, DOM handling, video seeking, PDF fields and printing. (CVE-2012-5145, CVE-2012-5147, CVE-2012-5150, CVE-2012-5156, CVE-2013-0832)

 - An error related to malformed URLs can allow a Same Origin Policy (SOP) bypass, thereby allowing cross-site scripting attacks. (CVE-2012-5146)

 - A user-input validation error exists related to filenames and hyphenation support. (CVE-2012-5148)

 - Integer overflow errors exist related to audio IPC handling, PDF JavaScript and shared memory allocation. (CVE-2012-5149, CVE-2012-5151, CVE-2012-5154)

 - Out-of-bounds read errors exist related to video seeking, PDF image handling, printing and glyph handling. (CVE-2012-5152, CVE-2012-5157, CVE-2012-0833, CVE-2012-0834)

 - An out-of-bounds stack access error exists in the v8 JavaScript engine. (CVE-2012-5153)

 - A casting error exists related to PDF 'root' handling. (CVE-2013-0828)

 - An unspecified error exists that can corrupt database metadata leading to incorrect file access. (CVE-2013-0829)

 - An error exists related to IPC and 'NUL' termination. (CVE-2013-0830)

 - An error exists related to extensions that may allow improper path traversals. (CVE-2013-0831)

 - An unspecified error exists related to geolocation. (CVE-2013-0835)

 - An unspecified error exists related to garbage collection in the v8 JavaScript engine. (CVE-2013-0836)

 - An unspecified error exists related to extension tab handling. (CVE-2013-0837)

 - The bundled version of Adobe Flash Player contains flaws that can lead to arbitrary code execution. (CVE-2013-0630)

Successful exploitation of some of these issues could lead to an application crash or even allow arbitrary code execution, subject to the user's privileges.

Solution: Upgrade to Google Chrome 24.0.1312.52 or later.

CVE-2013-0837


Copyright Tenable Network Security Inc. 2013