Summary
This host is installed with Google Chrome Web Browser and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attacker to obtain sensitive information, execute arbitrary code in the context of the browser, bypass certain security restrictions.
Impact Level: Application
Solution
Upgrade to the version 4.1.249.1059 or later,
For updates refer to http://www.google.com/chrome
Insight
Multiple flaws are due to:
- Type confusion error with 'forms'
- An unspecified error in the handling of 'HTTP requests', which leads to cross-site request forgery attacks.
- An error related to 'chrome://net-internals' and 'chrome://downloads', which leads to cross-site scripting attacks
- Error related to local file references through 'developer tools' - Pages that might load with privileges of the 'New Tab page'.
- An unspecified error in 'V8 bindings' causes a denial of service
Affected
Google Chrome version prior to 4.1.249.1059 on windows
References
Severity
Classification
-
CVE CVE-2010-1500, CVE-2010-1502, CVE-2010-1503, CVE-2010-1504, CVE-2010-1505, CVE-2010-1506, CVE-2010-1767 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Air Multiple Vulnerabilities -01 May 13 (Windows)
- Adobe Air Code Execution and DoS Vulnerabilities (MAC OS X)
- Adobe Air Remote Code Execution Vulnerability -June13 (Mac OS X)
- Adobe Acrobat Multiple Vulnerabilities - 01 Jan14 (Windows)
- Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Mac OS X)