The version of Google Chrome installed on the remote host is a version prior to 40.0.2214.91 and is thus missing fixes for the following vulnerabilities :
- A memory corruption vulnerability exists due to an error in Fonts. (CVE-2014-7938)
- Multiple memory corruption vulnerabilities exist due to an error in ICU. (CVE-2014-7923, CVE-2014-7926)
- Multiple memory corruption vulnerabilities exist due to an error in V8. (CVE-2014-7927, CVE-2014-7928, CVE-2014-7931)
- A same-origin policy bypass vulnerability exists due to an error in v8. (CVE-2014-7939)
- A security vulnerability occurs due to an uninitialized value in Fonts. (CVE-2014-7942)
- A security vulnerability occurs due to an uninitialized value in ICU. (CVE-2014-7940)
- A security bypass vulnerability occurs due to caching error in AppCache. (CVE-2014-7948)
- Multiple use-after-free vulnerabilities exist due to an error in DOM. (CVE-2014-7929, CVE-2014-7930, CVE-2014-7932, CVE-2014-7934)
- Multiple use-after-free vulnerabilities exist due to an error in FFmpeg. (CVE-2014-7933, CVE-2014-7937)
- A use-after-free vulnerability exists due to an error in IndexedDB. (CVE-2014-7924)
- A use-after-free vulnerability exists due to an error in Speech. (CVE-2014-7935)
- A use-after-free vulnerability exists due to an error in Views. (CVE-2014-7936)
- A use-after-free vulnerability exists due to an error in WebAudio. (CVE-2014-7925)
- Multiple out-of-bounds read vulnerabilities exist due to an error in PDFium. (CVE-2014-7944, CVE-2014-7945)
- An out-of-bounds read vulnerability exists due to an error in Fonts. (CVE-2014-7946)
- An out-of-bounds read vulnerability exists due to an error in PDFium. (CVE-2014-7947)
- An out-of-bounds read vulnerability exists due to an error in Skia. (CVE-2014-7943)
- An out-of-bounds read vulnerability exists due to an error in UI. (CVE-2014-7941)
- A flaw in the ScopedClipboard destructor in ‘remoting/host/clipboard_win.cc’ that is triggered as the CloseClipboard() API is not called with an anonymous access token. This may allow a context-dependent attacker to to bypass sandbox restrictions via an impersonation of the access token used by a system process. (CVE-2015-1205)
- Multiple unspecified vulnerabilities affecting Google V8 allow remote attackers to cause a denial of service or other unknown impacts. (CVE-2015-1346)
- Multiple off-by-one errors in ‘fpdfapi/fpdf_font/font_int.h’ in PDFium. This could allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted PDF document, related to an ‘intra-object-overflow’ issue. (CVE-2015-1359)
- A flaw in Skia due to improperly handling data during text drawing could allow a remote attacker to cause a denial of service or other unspecified impact. This affects ‘gpu/GrBitmapTextContext.cpp’ and ‘gpu/GrDistanceFieldTextContext.cpp’. (CVE-2015-1360)