Summary
This host is installed with Google Chrome and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to bypass certain security restrictions, execute arbitrary code in the context of the browser or cause a denial of service.
Impact Level: System/Application
Solution
Upgrade to the Google Chrome 21.0.1180.60 or later, For updates refer to http://www.google.com/chrome
Insight
The flaws are due to
- The application does not properly re-prompt the user when downloading multiple files and can be exploited to trick the user into downloading a malicious file.
- An error when handling drag and drop events.
- Integer overflow errors, use-after-free error, out-of-bounds write error exists within the PDF viewer.
- A use-after-free error exists when handling object linkage in PDFs.
- An error within the 'webRequest' module can be exploited to cause interference with the Chrome Web Store.
- A use-after-free error exits when handling CSS DOM objects.
- An error within the WebP decoder can be exploited to cause a buffer overflow.
- An out-of-bounds access error exists when clicking in date picker.
Affected
Google Chrome version prior to 21.0.1180.60 on Windows
References
Severity
Classification
-
CVE CVE-2012-2847, CVE-2012-2848, CVE-2012-2849, CVE-2012-2850, CVE-2012-2851, CVE-2012-2852, CVE-2012-2853, CVE-2012-2854, CVE-2012-2855, CVE-2012-2856, CVE-2012-2857, CVE-2012-2858, CVE-2012-2860 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities