| VID |
28861 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
A version of Google Chrome which is older than 21.0.1180.60 has been installed on the host. Google Chrome is a web browser released by Google. Google Chrome versions prior to 21.0.1180.60 are vulnerable to multiple vulnerabilities.
- Re-prompts are not displayed for excessive downloads. (CVE-2012-2847)
- Drag and drop file access restrictions are not restrictive enough. (CVE-2012-2848)
- An off-by-one read error exists related to GIF decoding. (CVE-2012-2849)
- Various, unspecified errors exist related to PDF processing. (CVE-2012-2850)
- Various, unspecified integer overflows exist related to PDF processing. (CVE-2012-2851)
- A use-after-free error exists related to object linkage and PDF processing. (CVE-2012-2852)
- An error exists related to 'webRequest' and 'Chrome Web Store' interference. (CVE-2012-2853)
- Pointer values can be leaked to 'WebUI' renderers. (CVE-2012-2854)
- An unspecified use-after-free error exists related to PDF processing. (CVE-2012-2855)
- Unspecified out-of-bounds reads exist related to the PDF viewer. (CVE-2012-2856)
- A use-after-free error exists related to CSS DOM processing. (CVE-2012-2857)
- A buffer overflow exists related to 'WebP' decoding. (CVE-2012-2858)
- An out-of-bounds access error exists related to the date picker. (CVE-2012-2860)
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of this condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://secunia.com/advisories/50105/
* Platforms Affected:
Google Chrome versions prior to 21.0.1180.60
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version Google Chrome (21.0.1180.60 or later), available from the Google Web site at http://www.google.com/chrome/ |
| Related URL |
CVE-2012-2847,CVE-2012-2848,CVE-2012-2849,CVE-2012-2850,CVE-2012-2851,CVE-2012-2852,CVE-2012-2853,CVE-2012-2854,CVE-2012-2855,CVE-2012-2856 (CVE) |
| Related URL |
54749 (SecurityFocus) |
| Related URL |
(ISS) |
|
