CVSS2: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
CVSS2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.024 Low
Percentile: 89.8%

The version of Google Chrome installed on the remote host is a version prior to 35.0.1916.114 and is thus missing fixes for multiple vulnerabilities, some of which include:
Use-after-free vulnerabilities in styles and SVG that may be leveraged by a context-dependent attacker to dereference freed memory and execute arbitrary code (CVE-2014-1743, CVE-2014-1746)
Integer overflow vulnerability due to improper audio file validation, which may be leveraged by an attacker to cause a buffer overflow resulting in arbitrary code execution (CVE-2014-1744)
An out-of-bounds read issue when handling media filters, which can be leveraged to cause a crash and/or potentially disclose memory contents (CVE-2014-1746)
A universal cross-site scripting attack due to insufficient validation when handling local MHTML files (CVE-2014-1747)
A UI spoofing flaw which can be leveraged by a context-dependent attacker to paint a scroll corner larger than the iframe it is attached to, potentially allowing for clickjacking attacks (CVE-2014-1748)
An integer underflow vulnerability in the Google V8 engine, fixed by the update to version 3.25.28.16, that could otherwise be leveraged for arbitrary code execution (CVE-2014-3152)
A vulnerability in Blink’s ‘SpeechInput’ speech recognition feature, which may be exploited for information disclosure in conjunction with clickjacking; the feature has since been disabled (CVE-2014-3803)
Other miscellaneous vulnerabilities undisclosed by the vendor (CVE-2014-1749)