Google Chrome < 30.0.1599.66 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 8015

Synopsis

The remote host contains a web browser that is affected by multiple vulnerabilities.

Description

The remote host has Google Chrome browser installed. Versions of Google Chrome prior to 30.0.1599.66 are affected by the following vulnerabilities :

- A security vulnerability exists due to races in web audio. (CVE-2013-2906)

- An out-of-bounds read error in 'Window.prototype' object. (CVE-2013-2907)

- Multiple address bar spoofing vulnerabilities exists related to the '204 No Content' status code. (CVE-2013-2908, CVE-2013-2916)

- A use-after-free issue in inline-block rendering. (CVE-2013-2909)

- A use-after-free issue in Web Audio. (CVE-2013-2910)

- A use-after-free issue in XSLT. (CVE-2013-2911)

- A use-after-free issue in PPAPI. (CVE-2013-2912)

- A use-after-free issue in XML document parsing. (CVE-2013-2913)

- A use-after-free issue in the Windows color chooser dialog. (CVE-2013-2914)

- An address bar spoofing vulnerability occurs though a malformed scheme (CVE-2013-2915)

- An out-of-bounds read error in web audio. (CVE-2013-2917)

- A use-after-free issue in Dom. (CVE-2013-2918)

- A memory-corruption vulnerability exists in V8

- (CVE-2013-2919)

- An out-of-bounds read error in URL parsing. (CVE-2013-2920)

- A use-after-free issue in resource loader. (CVE-2013-2921)

- A use-after-free issue in template element. (CVE-2013-2922)

- Multiple unspecified issues affect the application. (CVE-2013-2923)

- A use-after-free issue in ICU. (CVE-2013-2924)

Solution

Upgrade to Google Chrome 30.0.1599.66 or later.

See Also

http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html

Plugin Details

Severity: High

ID: 8015

Family: Web Clients

Published: 9/2/2013

Updated: 3/6/2019

Nessus ID: 70273

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 9/1/2013

Vulnerability Publication Date: 9/1/2013

Reference Information

CVE: CVE-2013-2906

BID: 62752