Summary
This host is installed with Google Chrome and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let the attacker bypass restrictions, disclose sensitive information or compromise a vulnerable system.
Impact Level: Application
Solution
Upgrade to version 4.0.249.89 or later.
http://www.google.com/chrome
Insight
The multiple flaws are due to:
- An unspecified 'DNS' and 'fall-back' behavior of proxies, which could disclose sensitive information.
- An integer overflow errors in the 'v8 engine', which could be exploited to execute arbitrary code.
- An error related to the processing of 'ruby' tags, which could be exploited to execute arbitrary code.
- An error related to 'iframe' data, which could leak redirection targets.
- An error when displaying HTTP authentication dialogs, which could allow phishing attacks.
- An integer overflow when deserializing 'sandbox' messages, which could allow code execution.
Affected
Google Chrome version prior to 4.0.249.89
References
Severity
Classification
-
CVE CVE-2010-0556, CVE-2010-0643, CVE-2010-0644, CVE-2010-0645, CVE-2010-0646, CVE-2010-0647, CVE-2010-0649 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Active Perl Locale::Maketext Module Multiple Code Injection Vulnerabilities (Windows)
- Adobe AIR Multiple Vulnerabilities -01 Feb13 (Windows)
- Adobe AIR Multiple Vulnerabilities-01 Sep14 (Mac OS X)
- Adobe Air Multiple Vulnerabilities - November12 (Mac OS X)
- Adobe Acrobat Multiple Unspecified Vulnerabilities-01 Sep13 (Windows)