Description:
Summary: This host has Google Chrome installed and is prone to multiple vulnerabilities.
Vulnerability Insight: The flaws are due to:
- The application does not properly re-prompt the user when downloading multiple files and can be exploited to trick the user into downloading a malicious file.
- An error when handling drag and drop events.
- Integer overflow errors, a use-after-free error and an out-of-bounds write error exist within the PDF viewer.
- A use-after-free error exists when handling object linkage in PDFs.
- An error within the 'webRequest' module can be exploited to cause interference with the Chrome Web Store.
- A use-after-free error exists when handling CSS DOM objects.
- An error within the WebP decoder can be exploited to cause a buffer overflow.
- An out-of-bounds access error exists when clicking in the date picker.
- An error when handling renderer processes can be exploited to bypass the cross-process policy.
- An unspecified error exists within tab handling.
Vulnerability Impact: Successful exploitation could allow attackers to bypass certain security restrictions, execute arbitrary code in the context of the browser or cause a denial of service.
Affected Software/OS: Google Chrome versions prior to 21.0.1180.57 on Linux
Solution: Upgrade to Google Chrome 21.0.1180.57 or later.
CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P