Summary
The host is installed with Google Chrome and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to conduct a denial of service, inject arbitrary web script or HTML, spoof the UI, enable microphone access and obtain speech-recognition text and possibly have other unspecified impact.
Impact Level: System/Application
Solution
Upgrade to Google Chrome 35.0.1916.114 or later,
For updates refer to http://www.google.com/chrome
Insight
The flaws are due to,
- A use-after-free error exists in 'StyleElement::removedFromDocument' function within core/dom/StyleElement.cpp.
- An integer overflow error exists in 'AudioInputRendererHost::OnCreateStream' function in media/audio_input_renderer_host.cc.
- A use-after-free error exists within SVG.
- An error within media filters in 'InMemoryUrlProtocol::Read'.
- An error in 'DocumentLoader::maybeCreateArchive' function related to a local MHTML file.
- An error in 'ScrollView::paint' function related to scroll bars.
- Multiple unspecified errors exist.
- An integer overflow error in 'LCodeGen::PrepareKeyedOperand' function in arm/lithium-codegen-arm.cc within v8.
- Some error in speech API within Blink.
Affected
Google Chrome version prior to 35.0.1916.114 on Mac OS X.
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2014-1743, CVE-2014-1744, CVE-2014-1745, CVE-2014-1746, CVE-2014-1747, CVE-2014-1748, CVE-2014-1749, CVE-2014-3152, CVE-2014-3803 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe Acrobat Multiple Vulnerabilities April-2012 (Windows)
- Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Linux)
- Adobe Acrobat Multiple Vulnerabilities - 01 Jan14 (Mac OS X)
- Adobe Air Multiple Vulnerabilities - November12 (Windows)
- Adobe ExtendedScript Toolkit (ESTK) Insecure Library Loading Vulnerability (Win)