VID |
28787 |
Severity |
30 |
Port |
139,445 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
A version of Google Chrome older than 2.0.172.43 is installed on the host. Google Chrome is a web browser released by Google. Google Chrome versions prior to 2.0.172.43 are affected by multiple vulnerabilities:
- A flaw in the V8 JavaScript engine might allow a specially crafted JavaScript page to access unauthorized data in memory or to execute arbitrary code within the Google Chrome sandbox. (CVE-2009-2935)
- The browser can connect to SSL-enabled sites whose certificates use weak hash algorithms, such as MD2 and MD4. An attacker may be able to exploit this issue to forge certificates and spoof an invalid website as a valid HTTPS site. (#18725)
- A stack consumption vulnerability in the libxml2 library could be exploited to crash the Google Chrome tab process or execute arbitrary code within the Google Chrome sandbox. (CVE-2009-2414)
- Multiple use-after-free vulnerabilities in the libxml2 library could be exploited to crash the Google Chrome tab process or execute arbitrary code within the Google Chrome sandbox. (CVE-2009-2416)
* Note: This check requires an account with administrative privileges that can log in to the host being scanned. Without such an account the check is not performed, which produces a false negative for all vulnerable hosts.
* References: http://code.google.com/p/chromium/issues/detail?id=18639 http://code.google.com/p/chromium/issues/detail?id=18725 http://googlechromereleases.blogspot.kr/2009/08/stable-update-security-fixes.html
* Platforms Affected: Google Chrome versions prior to 2.0.172.43; Microsoft Windows, any version |
Recommendation |
Upgrade to the latest version of Google Chrome (2.0.172.43 or later), available from the Google Web site at http://www.google.com/chrome/ |
Related URL |
CVE-2009-2414,CVE-2009-2416,CVE-2009-2935 (CVE) |
Related URL |
36010,36149 (SecurityFocus) |
Related URL |
(ISS) |
|