Summary
The host is installed with Google Chrome and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to conduct a denial of service and potentially execute arbitrary code.
Impact Level: System/Application
Solution
Upgrade to Google Chrome 34.0.1847.137 or later,
For updates refer to http://www.google.com/chrome
Insight
The flaws are due to,
- A use-after-free error in WebSockets.
- An integer overflow error in the 'CharacterData::deleteData' and 'CharacterData::replaceData' functions in dom/CharacterData.cpp.
- A use-after-free error in the 'FrameSelection::updateAppearance' function in editing/FrameSelection.cpp related to editing.
Affected
Google Chrome version prior to 34.0.1847.137 on Mac OS X.
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2014-1740, CVE-2014-1741, CVE-2014-1742 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Windows)
- Adobe Acrobat Remote Code Execution Vulnerability(Win)
- Adobe AIR Code Execution and DoS Vulnerabilities Nov13 (Windows)
- Adobe Acrobat and Reader Multiple Vulnerabilities -July10 (Windows)
- Adobe Acrobat Multiple Vulnerabilities - 01 May14 (Windows)