Google Chrome < 21.0.1180.60 Multiple Vulnerabilities

NASLDB: Google Chrome < 21.0.1180.60 Multiple Vulnerabilities

General

ID: 61381
Name: Google Chrome < 21.0.1180.60 Multiple Vulnerabilities

Summary: Checks version number of Google Chrome

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Port: –
Family: Windows
Type: Local

Description

The version of Google Chrome installed on the remote host is earlier
than 21.0.1180.60 and is, therefore, affected by the following
vulnerabilities :

– Re-prompts are not displayed for excessive
downloads. (CVE-2012-2847)

– Drag and drop file access restrictions are not
restrictive enough. (CVE-2012-2848)

– An off-by-one read error exists related to GIF
decoding. (CVE-2012-2849)

– Various, unspecified errors exist related to PDF
processing. (CVE-2012-2850)

– Various, unspecified integer overflows exist related
to PDF processing. (CVE-2012-2851)

– A use-after-free error exists related to object linkage
and PDF processing. (CVE-2012-2852)

– An error exists related to ‘webRequest’ and ‘Chrome Web
Store’ interference. (CVE-2012-2853)

– Pointer values can be leaked to ‘WebUI’ renderers.
(CVE-2012-2854)

– An unspecified use-after-free error exists related to
PDF processing. (CVE-2012-2855)

– Unspecified out-of-bounds reads exist related to the
PDF viewer. (CVE-2012-2856)

– A use-after-free error exists related to CSS DOM
processing. (CVE-2012-2857)

– A buffer overflow exists related to ‘WebP’ decoding.
(CVE-2012-2858)

– An out-of-bounds access error exists related to the
date picker. (CVE-2012-2860)