Google Chrome < 38.0.2125.104 Multiple Vulnerabilities

2014-10-1500:00:00

Tenable

www.tenable.com

JSON

In addition to missing the security updates to Google V8 Javascript engine, versions of Google Chrome prior to 38.0.2125.104 are vulnerable to the following issues:

A flaw exists in V8 and IPC that can lead to remote code execution. (CVE-2014-3188)
Out-of-bounds read errors exist in PDFium. (CVE-2014-3189, CVE-2014-3198)
Use-after-free errors exist in Events, Rendering, DOM, and Web Workers. (CVE-2014-3190, CVE-2014-3191, CVE-2014-3192, CVE-2014-3194)
A type confusion error exists in Session Management. (CVE-2014-3193)
Information leak vulnerabilities exist in the V8 JavaScript engine and the XSS Auditor. (CVE-2014-3195, CVE-2014-3197)
A security bypass vulnerability exists in the Windows Sandbox. (CVE-2014-3196)
An error exists related to assertion of bindings in the V8 JavaScript engine. (CVE-2014-3199)
Multiple unspecified vulnerabilities exist. (CVE-2014-3200)

Note that while version 38.0.2125.101 contains fixes for these issues, it does not include security updates for the built-in Adobe Flash engine, which is released with version 38.0.2125.104.

Binary data 8551.pasl

VendorProductVersionCPE
googlechromecpe:/a:google:chrome

Vendor	Product	Version	CPE
google	chrome		cpe:/a:google:chrome

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3188

googlechromereleases.blogspot.com/2014/10/stable-channel-update_14.html,http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html

JSON

Related for 8551.PASL