Summary
This host is installed with Google Chrome and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to cause a denial of service condition, information disclosure or possibly have other impact via unknown vectors.
Impact Level: Application
Solution
Upgrade to Google Chrome version 31.0.1650.48 or later.
For updates refer to http://www.google.com/chrome
Insight
Multiple flaws are due to,
- Use after free related to speech input elements
- Use after free related to media elements
- Out of bounds read in SVG
- Use after free related to 'id' attribute strings - Use after free in DOM ranges
- Address bar spoofing related to interstitial warnings - Out of bounds read in HTTP parsing
- Issue with certificates not being checked during TLS renegotiation - Read of uninitialized memory in libjpeg and libjpeg-turbo
Affected
Google Chrome version prior to 31.0.1650.48 on Windows
Detection
Get the installed version of Google Chrome and check the version.
References
Severity
Classification
-
CVE CVE-2013-2931, CVE-2013-6621, CVE-2013-6622, CVE-2013-6623, CVE-2013-6624, CVE-2013-6625, CVE-2013-6626, CVE-2013-6627, CVE-2013-6628, CVE-2013-6629, CVE-2013-6630, CVE-2013-6631 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Air Multiple Vulnerabilities -01 August 12 (Mac OS X)
- 7T Interactive Graphical SCADA System Multiple Security Vulnerabilities
- Adobe AIR Multiple Vulnerabilities -02 April 13 (Windows)
- Adobe Acrobat Multiple Vulnerabilities-01 Dec14 (Windows)
- Adobe Acrobat and Reader Multiple Vulnerabilities -Oct10 (Windows)