Google Chrome < 2.0.172.43 多個弱點
high Nessus Plugin ID 40778
語系:
概要
遠端主機含有受到多個弱點影響的網頁瀏覽器。說明
遠端主機上安裝的 Google Chrome 版本比 2.0.172.43 舊。據報這些版本受到多個問題的影響:- A flaw in the V8 JavaScript engine might allow a specially crafted JavaScript page to access unauthorized data in memory or to execute arbitrary code within the Google Chrome sandbox. (CVE-2009-2935)
- The browser can connect to SSL-enabled sites whose certificates use weak hash algorithms, such as MD2 and MD4. An attacker may be able exploit this issue to forge certificates and spoof an invalid website as a valid HTTPS site. (問題 #18725)
- A stack consumption vulnerability in libxml2 library could be exploited to crash the Google Chrome tab process or execute arbitrary code with in Google Chrome sandbox.
(CVE-2009-2414)
- Multiple use-after-free vulnerabilities in libxml2 library could be exploited to crash the Google Chrome tab process or execute arbitrary code with in Google Chrome sandbox. (CVE-2009-2416)
解決方案
升級至 Google Chrome 2.0.172.43 或更新版本。另請參閱
https://bugs.chromium.org/p/chromium/issues/detail?id=18639
Plugin 詳細資訊
嚴重性: High
ID: 40778
檔案名稱: google_chrome_2_0_172_43.nasl
版本: 1.20
類型: local
代理程式: windows
系列: Windows
已發布: 2009/8/26
已更新: 2022/4/11
組態: 啟用徹底檢查
支援的感應器: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
風險資訊
VPR
風險因素: Medium
分數: 5.9
CVSS v2
風險因素: High
基本分數: 9.3
時間分數: 6.9
媒介: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
弱點資訊
CPE: cpe:/a:google:chrome
必要的 KB 項目: SMB/Google_Chrome/Installed
可輕鬆利用: No known exploits are available
修補程式發佈日期: 2009/8/25
弱點發布日期: 2009/8/25