| Description: | Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.
Vulnerability Insight:
The following package is affected: chromium
CVE-2012-2889
Cross-site scripting (XSS) vulnerability in Google Chrome before
22.0.1229.79 allows remote attackers to inject arbitrary web script or
HTML via vectors involving frames, aka 'Universal XSS (UXSS).'
CVE-2012-2886
Cross-site scripting (XSS) vulnerability in Google Chrome before
22.0.1229.79 allows remote attackers to inject arbitrary web script or
HTML via vectors related to the Google V8 bindings, aka 'Universal XSS
(UXSS).'
CVE-2012-2881
Google Chrome before 22.0.1229.79 does not properly handle plug-ins,
which allows remote attackers to cause a denial of service (DOM tree
corruption) or possibly have unspecified other impact via unknown
vectors.
CVE-2012-2876
Buffer overflow in the SSE2 optimization functionality in Google
Chrome before 22.0.1229.79 allows remote attackers to cause a denial
of service or possibly have unspecified other impact via unknown
vectors.
CVE-2012-2883
Skia, as used in Google Chrome before 22.0.1229.79, allows remote
attackers to cause a denial of service or possibly have unspecified
other impact via vectors that trigger an out-of-bounds write
operation, a different vulnerability than CVE-2012-2874.
CVE-2012-2887
Use-after-free vulnerability in Google Chrome before 22.0.1229.79
allows remote attackers to cause a denial of service or possibly have
unspecified other impact via vectors involving onclick events.
CVE-2012-2888
Use-after-free vulnerability in Google Chrome before 22.0.1229.79
allows remote attackers to cause a denial of service or possibly have
unspecified other impact via vectors involving SVG text references.
Text truncated. Please see the references for more information.
This VT has been deprecated and is therefore no longer functional.
Solution:
Update your system with the appropriate patches or
software upgrades.
CVSS Score:
7.5
CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
