Summary
This host is installed with Google Chrome Web Browser and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let the attacker execute arbitrary code, bypass security restrictions, sensitive information disclosure, and can cause other attacks.
Impact Level: Application
Solution
Upgrade to the version 4.1.249.1036 or later,
For updates refer to http://www.google.com/chrome
Insight
Multiple flaws are due to:
- An error in handling 'SVG' document.
- Multiple race conditions in the 'sandbox' infrastructure.
- An error in 'sandbox' infrastructure which does not properly use pointers.
- An error in proceesing of 'HTTP' headers, processes HTTP headers before invoking the SafeBrowsing feature.
- not having the expected behavior for attempts to delete Web SQL Databases and clear the 'Strict Transport Security (STS)' state.
- An error in processing of 'HTTP Basic Authentication dialog'.
- Multiple integer overflows errors when processing 'WebKit JavaScript' objects.
- not properly restricting cross-origin operations, which has unspecified impact and remote attack vectors.
Affected
Google Chrome version prior to 4.1.249.1036 on Windows.
References
Severity
Classification
-
CVE CVE-2010-1228, CVE-2010-1229, CVE-2010-1230, CVE-2010-1231, CVE-2010-1232, CVE-2010-1233, CVE-2010-1234, CVE-2010-1235, CVE-2010-1236, CVE-2010-1237 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat Sandbox Bypass Vulnerability - Aug14 (Windows)
- Adobe Acrobat and Reader Multiple Vulnerabilities -Oct10 (Windows)
- Adobe AIR Multiple Vulnerabilities -01 April 13 (Mac OS X)
- Adobe AIR Multiple Vulnerabilities-01 Sep13 (Mac OS X)
- Adobe Acrobat and Reader Multiple Vulnerabilities -July10 (Windows)