VID 28862
Severity 40
Port 139,445
Protocol TCP
Class SMB
Detailed Description A version of Google Chrome older than 21.0.1180.89 is installed on the host. Google Chrome is a web browser released by Google. Google Chrome versions prior to 21.0.1180.89 are affected by multiple vulnerabilities:

- An out-of-bounds read error exists related to line-breaking. (CVE-2012-2865)

- Variable casting errors exist related to 'run-ins' and XSL transformations. (CVE-2012-2866, CVE-2012-2871)

- An unspecified error exists related to the SPDY protocol that can result in application crashes. (CVE-2012-2867)

- An unspecified race condition exists related to 'workers' and XHR. (CVE-2012-2868)

- An unspecified error exists related to stale buffers and URL loading. (CVE-2012-2869)

- Memory management issues exist related to XPath processing. (CVE-2012-2870)

- Cross-site scripting is possible during the SSL interstitial process. (CVE-2012-2872)

Successful exploitation of any of these issues could lead to an application crash or even allow arbitrary code execution, subject to the user's privileges.

* Note: This check requires an account with administrative privileges that can log in to the host being scanned. If this condition is not met, the check is not performed, which results in a false negative for all vulnerable hosts.

* References:
http://googlechromereleases.blogspot.kr/2012/08/stable-channel-update_30.html

* Platforms Affected:
Google Chrome versions prior to 21.0.1180.89
Microsoft Windows Any version
Recommendation Upgrade to the latest version of Google Chrome (21.0.1180.89 or later), available from the Google Web site at http://www.google.com/chrome/
Related URL CVE-2012-2865,CVE-2012-2866,CVE-2012-2867,CVE-2012-2868,CVE-2012-2869,CVE-2012-2870,CVE-2012-2871,CVE-2012-2872 (CVE)
Related URL 55331 (SecurityFocus)