Google Chrome Multiple Vulnerabilities - Nov09

Information

Severity: Critical

Family: Denial of Service

CVSSv2 Base: 9.3

CVSSv2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Solution Type: Vendor Patch

Created: 12 years ago

Modified: 3 years ago

Summary

Google Chrome is installed on this host and is prone to multiple vulnerabilities.

Insight

Multiple flaws are due to:

- An error in 'browser/download/download_exe.cc', which fails to display a warning when a user downloads and opens '.svg', '.mht' or '.xml' files. This can be exploited to disclose the content of local files via a specially crafted web page.
- An error in the Gears SQL API implementation, which can be exploited to put SQL metadata into a bad state and cause memory corruption.
- An error in WebKit, which can be exploited via a web page that calls the JavaScript setInterval method, triggering an incompatibility between the 'WTF::currentTime' and 'base::Time' functions.
- An error in the 'WebFrameLoaderClient::dispatchDidChangeLocationWithinPage' function in 'src/webkit/glue/webframeloaderclient_impl.cc', which can be exploited via a page-local link, related to an 'empty redirect chain,' as demonstrated by a message in Yahoo! Mail.

Affected Software

Google Chrome versions prior to 3.0.195.32 on Windows.

Solution

Upgrade to version 3.0.195.32 or later.

Common Vulnerabilities and Exposures (CVE)