Summary
The host is installed with Google Chrome and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to conduct a denial of service and possibly have other unspecified impact.
Impact Level: System/Application
Solution
Upgrade to Google Chrome 35.0.1916.153 or later,
For updates refer to http://www.google.com/chrome
Insight
The flaws are due to,
- A use-after-free error in the 'ChildThread::Shutdown' function in content/child/child_thread.cc script related to the filesystem API.
- An out-of-bounds read flaw in SPDY related to reentrancy.
- An overflow condition related to bitmap handling in the clipboard code.
- An overflow condition in the 'FFmpegVideoDecoder::GetVideoBuffer' function in media/filters/ffmpeg_video_decoder.cc script.
Affected
Google Chrome version prior to 35.0.1916.153 on Windows.
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2014-3154, CVE-2014-3155, CVE-2014-3156, CVE-2014-3157 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Windows)
- Adobe Air Remote Code Execution Vulnerability -June13 (Mac OS X)
- Adobe Acrobat Multiple Unspecified Vulnerabilities-01 Sep13 (Mac OS X)
- Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Mac OS X)
- Adobe Air Multiple Vulnerabilities -01 May 13 (Mac OS X)