Summary
The host is running Google Chrome and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to cause denial-of-service.
Impact Level: Application
Solution
Upgrade to the Google Chrome 10.0.648.127 or later, For updates refer to http://www.google.com/chrome
Insight
The flaws are due to
- Not preventing 'navigation' and 'close' operations on the top location of a sandboxed frame.
- Cross-origin error message leak.
- Error in performing 'box layout'.
- Memory corruption error in 'counter nodes'.
- Error in 'Web Workers' implementation which allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an error message leak.
- Use-after-free vulnerability in 'DOM URL' handling.
- Error in 'Google V8', which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
- Use-after-free vulnerability in document script lifetime handling.
- Error in performing 'table painting'.
- Error in 'OGG' container implementation.
- Use of corrupt out-of-bounds structure in video code.
- Error in handling DataView objects.
- Bad cast in text rendering.
- Error in context implementation in WebKit.
- Unspecified vulnerability in the 'XSLT' implementation.
- Not properly handling 'SVG' cursors.
- 'DOM' tree corruption with attribute handling.
- Corruption via re-entrancy of RegExp code.
Affected
Google Chrome version prior to 10.0.648.127 on Windows
References
Updated on 2015-03-25
Severity
Classification
-
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities