7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.088 Low
EPSS
Percentile
94.6%
The version of Google Chrome installed on the remote host is earlier than 14.0.835.163 and is affected by multiple vulnerabilities:
A race condition exists related to the certificate cache. (Issue #49377)
The Windows Media Player plugin allows click-free access to the system Flash. (Issue #51464)
MIME types are not treated authoritatively at plugin load time. (Issue #75070)
An unspecified error allows V8 script object wrappers to crash. (Issue #76771)
The included PDF functionality contains a garbage collection error. (Issue #78639)
Out-of-bounds read issues exist related to media buffers, mp3 files, box handling, Khmer characters, video handling, Tibetan characters, and triangle arrays. (Issues #82438, #85041, #89991, #90134, #90173, #95563, #95625)
An unspecified error allows data displayed in the URL to be spoofed. (Issue #83031)
Use-after-free errors exist related to unload event handling, the document loader, plugin handling, ruby, table style handling, and the focus controller.
(Issues #89219, #89330, #91197, #92651, #94800, #93420, #93587)
The URL bar can be spoofed in an unspecified manner related to the forward button. (Issue #89564)
An NULL pointer error exists related to WebSockets.
(Issue #89795)
An off-by-one error exists related to the V8 JavaScript engine. (Issue #91120)
A stale node error exists related to CSS stylesheet handling. (Issue #92959)
A cross-origin bypass error exists related to the V8 JavaScript engine. (Issue #93416)
A double-free error exists related to XPath handling in libxml. (Issue #93472)
Incorrect permissions are assigned to non-gallery pages. (Issue #93497)
An improper string read occurs in the included PDF functionality. (Issue #93596)
An unspecified error allows unintended access to objects built in to the V8 JavaScript engine.
(Issue #93906)
Self-signed certificates are not pinned properly.
(Issue #95917)
A variable-type confusion issue exists in the V8 JavaScript engine related to object sealing.
(Issue #95920)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(56230);
script_version("1.16");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");
script_cve_id(
"CVE-2011-2830",
"CVE-2011-2834",
"CVE-2011-2835",
"CVE-2011-2836",
"CVE-2011-2838",
"CVE-2011-2839",
"CVE-2011-2840",
"CVE-2011-2841",
"CVE-2011-2843",
"CVE-2011-2844",
"CVE-2011-2846",
"CVE-2011-2847",
"CVE-2011-2848",
"CVE-2011-2849",
"CVE-2011-2850",
"CVE-2011-2851",
"CVE-2011-2852",
"CVE-2011-2853",
"CVE-2011-2854",
"CVE-2011-2855",
"CVE-2011-2856",
"CVE-2011-2857",
"CVE-2011-2858",
"CVE-2011-2859",
"CVE-2011-2860",
"CVE-2011-2861",
"CVE-2011-2862",
"CVE-2011-2864",
"CVE-2011-2874",
"CVE-2011-2875",
"CVE-2011-3234"
);
script_bugtraq_id(49658, 49933);
script_xref(name:"EDB-ID", value:"17929");
script_name(english:"Google Chrome < 14.0.835.163 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote host contains a web browser that is affected by multiple
vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Google Chrome installed on the remote host is earlier
than 14.0.835.163 and is affected by multiple vulnerabilities:
- A race condition exists related to the certificate
cache. (Issue #49377)
- The Windows Media Player plugin allows click-free
access to the system Flash. (Issue #51464)
- MIME types are not treated authoritatively at plugin
load time. (Issue #75070)
- An unspecified error allows V8 script object wrappers
to crash. (Issue #76771)
- The included PDF functionality contains a garbage
collection error. (Issue #78639)
- Out-of-bounds read issues exist related to media
buffers, mp3 files, box handling, Khmer characters,
video handling, Tibetan characters, and triangle
arrays. (Issues #82438, #85041, #89991, #90134, #90173,
#95563, #95625)
- An unspecified error allows data displayed in the URL
to be spoofed. (Issue #83031)
- Use-after-free errors exist related to unload event
handling, the document loader, plugin handling, ruby,
table style handling, and the focus controller.
(Issues #89219, #89330, #91197, #92651, #94800, #93420,
#93587)
- The URL bar can be spoofed in an unspecified manner
related to the forward button. (Issue #89564)
- An NULL pointer error exists related to WebSockets.
(Issue #89795)
- An off-by-one error exists related to the V8 JavaScript
engine. (Issue #91120)
- A stale node error exists related to CSS stylesheet
handling. (Issue #92959)
- A cross-origin bypass error exists related to the V8
JavaScript engine. (Issue #93416)
- A double-free error exists related to XPath handling
in libxml. (Issue #93472)
- Incorrect permissions are assigned to non-gallery
pages. (Issue #93497)
- An improper string read occurs in the included PDF
functionality. (Issue #93596)
- An unspecified error allows unintended access to
objects built in to the V8 JavaScript engine.
(Issue #93906)
- Self-signed certificates are not pinned properly.
(Issue #95917)
- A variable-type confusion issue exists in the V8
JavaScript engine related to object sealing.
(Issue #95920)");
# https://chromereleases.googleblog.com/2011/09/stable-channel-update_16.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?642ea0af");
script_set_attribute(attribute:"solution", value:
"Upgrade to Google Chrome 14.0.835.163 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2011/09/16");
script_set_attribute(attribute:"patch_publication_date", value:"2011/09/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2011/09/19");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2011-2022 Tenable Network Security, Inc.");
script_dependencies("google_chrome_installed.nasl");
script_require_keys("SMB/Google_Chrome/Installed");
exit(0);
}
include("google_chrome_version.inc");
get_kb_item_or_exit("SMB/Google_Chrome/Installed");
installs = get_kb_list("SMB/Google_Chrome/*");
google_chrome_check_version(installs:installs, fix:'14.0.835.163', severity:SECURITY_HOLE);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2830
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2834
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2835
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2836
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2838
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2839
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2840
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2841
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2843
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2844
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2846
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2847
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2848
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2849
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2850
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2851
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2852
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2853
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2854
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2855
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2856
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2857
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2858
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2859
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2860
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2861
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2862
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2864
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2874
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2875
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3234
www.nessus.org/u?642ea0af