nessus | Tenable | 8263.PASL
May 22, 2014 - 12:00 a.m.

Google Chrome < 35.0.1916.114 Multiple Vulnerabilities

2014-05-22 00:00:00
Tenable
www.tenable.com
9

The version of Google Chrome installed on the remote host is a version prior to 35.0.1916.114 and is thus missing fixes for multiple vulnerabilities, some of which include:

  • Use-after-free vulnerabilities in styles and SVG that may be leveraged by a context-dependent attacker to dereference freed memory and execute arbitrary code (CVE-2014-1743, CVE-2014-1746)

  • Integer overflow vulnerability due to improper audio file validation, which may be leveraged by an attacker to cause a buffer overflow resulting in arbitrary code execution (CVE-2014-1744)

  • An out-of-bounds read issue when handling media filters, which can be leveraged to cause a crash and/or potentially disclose memory contents (CVE-2014-1746)

  • A universal cross-site scripting attack due to insufficient validation when handling local MHTML files (CVE-2014-1747)

  • A UI spoofing flaw which can be leveraged by a context-dependent attacker to paint a scroll corner larger than the iframe it is attached to, potentially allowing for clickjacking attacks (CVE-2014-1748)

  • An update to Google V8 engine, which in version 3.25.28.16 fixes an integer underflow vulnerability that could otherwise be leveraged for arbitrary code execution (CVE-2014-3152)

  • A vulnerability in Blink’s ‘SpeechInput’ speech recognition feature, which may be exploited for information disclosure in conjunction with clickjacking; the feature has since been disabled (CVE-2014-3803)

  • Other miscellaneous vulnerabilities undisclosed by the vendor (CVE-2014-1749)

Vendor | Product | Version | CPE
google | chrome |  | cpe:/a:google:chrome