| VID |
28821 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
A version of Google Chrome which is older than 6.0.472.53 has been installed on the host. Google Chrome is a web browser released by Google. Google Chrome versions prior to 6.0.472.53 are vulnerable to multiple vulnerabilities.
- It is possible to bypass the pop-up blocker with a blank frame target . (Bug 34414)
- It is possible to visually spoof the URL bar with homographic sequences. (Bug 37201)
- Restrictions on setting clipboard content are not strict enough. (Bug 41654)
- A stale pointer exists with SVG filters. (Bug 45659)
- It may be possible to enumerate installed extensions.(Bug 45876)
- An unspecified vulnerability in WebSockets could lead to a browser NULL crash. (Bugs 46750, 51846)
- A use-after-free error exists in the Notifications presenter. (Bug 50386)
- An unspecified memory corruption issue exists in Notification permissions. (Bug 50839)
- Multiple unspecified integer errors exist in WebSockets. (Bugs 51360, 51739)
- A memory corruption issue exists with counter nodes. (Bug 51653)
- Chrome may store an excessive amount of autocomplete entries. (Bug 51727)
- A stale pointer exists in focus handling. (Bug 52443)
- A Sandbox parameter deserialization error exists.(Bug 52682)
- An unspecified cross-origin image theft issue exists.(Bug 53001)
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of this condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://googlechromereleases.blogspot.kr/2010/09/stable-and-beta-channel-updates.html
* Platforms Affected:
Google Chrome versions prior to 6.0.472.53
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version Google Chrome (6.0.472.53 or later), available from the Google Web site at http://www.google.com/chrome/ |
| Related URL |
CVE-2010-3246,CVE-2010-3247,CVE-2010-3248,CVE-2010-3249,CVE-2010-3250,CVE-2010-3251,CVE-2010-3252,CVE-2010-3253,CVE-2010-3254 (CVE) |
| Related URL |
42952 (SecurityFocus) |
| Related URL |
(ISS) |
|
