Summary
Google Chrome is installed on this host and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow an attacker to spoof the X.509 certificate.
Impact Level: Application
Solution
Upgrade to version 2.0.172.43 or later.
http://www.google.com/chrome
Insight
- When 'Google V8' is used in the application, it allows an attacker to bypass intended restrictions on reading memory, and possibly obtain sensitive information in the Chrome sandbox, via crafted JavaScript.
- The application fails to prevent SSL connections to a site with an X.509 certificate signed with the MD2 or MD4 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary HTTPS servers via a crafted certificate.
Affected
Google Chrome versions prior to 2.0.172.43 on Windows.
Severity
Classification
- CVE: CVE-2009-2935, CVE-2009-2973
- CVSS Base Score: 10.0
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C