Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Google Chrome Multiple Vulnerabilities - Nov09
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
This host is installed with Google Chrome and is prone to multiple vulnerabilities.
Insight
Insight
Multiple flaws are due to, - Error in 'browser/download/download_exe.cc', which fails to display a warning when a user downloads and opens '.svg', '.mht' or '.xml' files. This can be exploited to disclose the content of local files via a specially crafted web page. - An error in the Gears SQL API implementation can be exploited to put SQL metadata into a bad state and cause a memory corruption. - An error in WebKit, which can be exploited via a web page that calls the JavaScript setInterval method, which triggers an incompatibility between the 'WTF::currentTime' and 'base::Time' functions. - Error in 'WebFrameLoaderClient::dispatchDidChangeLocationWithinPage' function in 'src/webkit/glue/webframeloaderclient_impl.cc' and which can be exploited via a page-local link, related to an 'empty redirect chain, ' as demonstrated by a message in Yahoo! Mail.
Affected Software
Affected Software
Google Chrome version prior to 3.0.195.32 on Windows.
Solution
Solution
Upgrade to version 3.0.195.32 or later.