Description: | Summary: This host is installed with Google Chrome and is prone to multiple vulnerabilities.
Vulnerability Insight: - An integer overflow error exists in WebP handling.
- An error in v8 can be exploited to cause an out-of-bounds array access.
- Multiple use-after-free error exists in SVG filter, video layout, extension tab and plug-in placeholder, handling.
- An error exists related to integer boundary checks within GPU command buffers.
- An error exists related to inappropriate loading of SVG sub resource in 'img' context.
- A race condition error exists in Pepper buffer handling.
- A type casting error exists in certain input handling.
- An error in Skia can be exploited to cause an out-of-bounds read.
- An error in texture handling can be exploited to corrupt memory.
- An error in v8 can be exploited to corrupt memory.
- Defend against wild writes in buggy graphics drivers.
- Integer bounds check issue in GPU command buffers.
Vulnerability Impact: Successful exploitation will allow attackers to bypass certain security restrictions, execute arbitrary code in the context of the browser or cause a denial of service.
Affected Software/OS: Google Chrome version prior to 23.0.1271.64 on Mac OS X
Solution: Upgrade to the Google Chrome 23.0.1271.64 or later.
CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
|