Summary
The host is installed with Google Chrome
and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers
to spoof certain content, bypass certain security restrictions, and compromise a user's system.
Solution
Upgrade to Google Chrome version 37.0.2062.94
or later, For updates refer to http://www.google.com/chrome
Insight
Multiple Flaws are due to,
- Some errors within V8, IPC, sync, and extensions.
- A use-after-free error exists within SVG.
- A use-after-free error exists within DOM.
- An error within Extension permission dialog.
- A use-after-free error exists within bindings.
- An error exists within extension debugging.
- An uninitialized memory read error exists in WebGL.
- An uninitialized memory read error exists in Web Audio.
- and some unspecified errors exist.
Affected
Google Chrome version prior to 37.0.2062.94
on Windows.
Detection
Get the installed version with the help of
detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2014-3168, CVE-2014-3169, CVE-2014-3170, CVE-2014-3171, CVE-2014-3172, CVE-2014-3173, CVE-2014-3174, CVE-2014-3175, CVE-2014-3176, CVE-2014-3177 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- 7T Interactive Graphical SCADA System Multiple Security Vulnerabilities
- Adobe AIR Multiple Vulnerabilities -02 April 13 (Windows)
- Adobe ExtendedScript Toolkit (ESTK) Insecure Library Loading Vulnerability (Win)
- Adobe Air Multiple Vulnerabilities - December12 (Windows)
- Adobe Air Remote Code Execution Vulnerability -June13 (Mac OS X)