Description: | Summary: The host is running Google Chrome and is prone to multiple vulnerabilities.
Vulnerability Insight: The flaws are due to
- Use-after-free vulnerability due to integer issues in float handling.
- Use-after-free vulnerability in accessibility support.
- Error in 'Cascading Style Sheets (CSS)' implementation, which fails to properly restrict access to the visit history, which allows remote attackers to obtain sensitive information via unspecified vectors.
- Not properly handling a large number of form submissions.
- Bypassing extensions permission.
- 'Stale pointer' in extension framework.
- Attempts to read data from an uninitialized pointer.
- Extension script injection into new tab page.
- Use-after-free vulnerability in developer tools, image loader
- Fails to properly implement history deletion.
- Extension injection into 'chrome://' pages.
- Same origin bypass in 'v8' and 'DOM'.
Vulnerability Impact: Successful exploitation could allow attackers to execute arbitrary code in the context of the browser, cause denial-of-service conditions, bypass the same-origin policy, and disclose potentially sensitive information.
Affected Software/OS: Google Chrome version prior to 12.0.742.91 on windows
Solution: Upgrade to the Google Chrome 12.0.742.91 or later.
CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
|