Summary
Google Chrome is installed on the host and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to inject scripts, bypass certain security restrictions, execute arbitrary code in the context of the browser, or cause a denial of service.
Impact Level: System/Application
Solution
Upgrade to Google Chrome 18.0.1025.151 or later. For updates, refer to http://www.google.com/chrome
Insight
The flaws are due to:
- Unspecified errors in Flash Player that allow memory corruption in the Chrome interface.
- An out-of-bounds read error when handling Skia clipping.
- Errors in the cross-origin policy when handling iframe replacement and parenting pop-up windows.
- Multiple use-after-free errors when handling line boxes, V8 bindings, HTMLMediaElement, SVG resources, media content, focus events, and when applying style commands.
- A read-after-free error in the script bindings.
Affected
Google Chrome versions prior to 18.0.1025.151 on Windows
Severity
Classification
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Air Multiple Vulnerabilities - November12 (Windows)
- Adobe Acrobat Out-of-bounds Vulnerability Feb15 (Windows)
- Adobe Extension Manager CS5 Insecure Library Loading Vulnerability (Win)
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Linux)
- Adobe Acrobat Multiple Vulnerabilities -01 Jan 13 (Windows)