Summary
This host is installed with Google Chrome and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary code with higher privileges, corrupt memory, processing of databases outside a restricted origin path.
Impact Level: System/Application
Solution
Upgrade to the Google Chrome 25.0.1364.152 or later, For updates refer to http://www.google.com/chrome
Insight
Multiple flaws due to,
- Use-after-free error exist in Frame loader, Browser navigation handling, SVG animations.
- Unknown error exist in Web Audio, Indexed DB, Handling of bindings for extension processes, Loading browser plug-in.
- Race condition error exists in media thread handling.
- Path traversal error exists when handling database.
- Origin identifier is not properly sanitized during database handling.
Affected
Google Chrome versions prior to 25.0.1364.152 on Windows
References
Severity
Classification
-
CVE CVE-2013-0902, CVE-2013-0903, CVE-2013-0904, CVE-2013-0905, CVE-2013-0906, CVE-2013-0907, CVE-2013-0908, CVE-2013-0909, CVE-2013-0910, CVE-2013-0911 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe Acrobat Multiple Vulnerabilities-01 Dec14 (Mac OS X)
- Adobe Acrobat Multiple Unspecified Vulnerabilities - Windows
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Windows)
- Aastra IP Telephone Hardcoded Telnet Password Security Bypass Vulnerability
- Adobe AIR Multiple Vulnerabilities-01 Dec13 (Windows)