Summary
The host is running Google Chrome and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to execute arbitrary code in the context of the browser, cause denial-of-service conditions, bypass the same-origin policy, and disclose potentially sensitive information.
Impact Level: Application
Solution
Upgrade to the Google Chrome 12.0.742.91 or later, For updates refer to http://www.google.com/chrome
Insight
The flaws are due to
- Use-after-free vulnerability due to integer issues in float handling.
- Use-after-free vulnerability in accessibility support.
- Error in 'Cascading Style Sheets (CSS)' implementation, which fails to properly restrict access to the visit history, which allows remote attackers to obtain sensitive information via unspecified vectors.
- Not properly handling a large number of form submissions.
- Bypassing extensions permission.
- 'Stale pointer' in extension framework.
- Attempts to read data from an uninitialized pointer.
- Extension script injection into new tab page.
- Use-after-free vulnerability in developer tools, image loader - Fails to properly implement history deletion.
- Extension injection into 'chrome://' pages.
- Same origin bypass in 'v8' and 'DOM'.
Affected
Google Chrome version prior to 12.0.742.91 on Linux
References
Updated on 2015-03-25
Severity
Classification
-
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe Flash Player Code Execution and DoS Vulnerabilities (Linux)
- Adobe Acrobat and Reader Multiple Vulnerabilities -Oct10 (Windows)
- Adobe Air Remote Code Execution Vulnerability -June13 (Windows)
- Adobe Air and Flash Player Multiple Vulnerabilities August-2011 (Windows)
- Adobe Acrobat Multiple Unspecified Vulnerabilities -01 May13 (Mac OS X)