Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.900832
Category:General
Title:Google Chrome 'JavaScript' And 'HTTPS' Multiple Vulnerabilities - Aug09
Summary:This host is installed with Google Chrome and is prone to multiple; vulnerabilities.
Description:Summary:
This host is installed with Google Chrome and is prone to multiple
vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- When 'Google V8' is used in the application, it allows to bypass intended
restrictions on reading memory, and possibly obtain sensitive information
in the Chrome sandbox, via crafted JavaScript.

- Application fails to prevent SSL connections to a site with an X.509
certificate signed with the MD2 or MD4 algorithm, which makes it easier for
man-in-the-middle attackers to spoof arbitrary HTTPS servers via a crafted
certificate.

Vulnerability Impact:
Successful exploitation will allow attacker to spoof the X.509 certificate.

Affected Software/OS:
Google Chrome version prior to 2.0.172.43 on Windows.

Solution:
Upgrade to version 2.0.172.43 or later.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: BugTraq ID: 36149
Common Vulnerability Exposure (CVE) ID: CVE-2009-2935
http://www.securityfocus.com/bid/36149
http://osvdb.org/57421
http://www.securitytracker.com/id?1022773
http://secunia.com/advisories/36417
http://www.vupen.com/english/advisories/2009/2420
XForce ISS Database: google-chrome-v8-security-bypass(52902)
https://exchange.xforce.ibmcloud.com/vulnerabilities/52902
Common Vulnerability Exposure (CVE) ID: CVE-2009-2973
XForce ISS Database: google-chrome-algorithm-spoofing(52903)
https://exchange.xforce.ibmcloud.com/vulnerabilities/52903
CopyrightCopyright (C) 2009 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.