This host is installed with Google Chrome and is prone to multiple vulnerabilities.

Successful exploitation will let the attacker execute arbitrary JavaScript code and disclose the content of local files, memory corruption or CPU consumption and which may result in Denial of Service condition. Impact Level: System/Application

Upgrade to version 3.0.195.32 or later. http://www.google.com/chrome

- Error in 'browser/download/download_exe.cc', which fails to display a warning when a user downloads and opens '.svg', '.mht' or '.xml' files. This can be exploited to disclose the content of local files via a specially crafted web page. - An error in the Gears SQL API implementation can be exploited to put SQL metadata into a bad state and cause a memory corruption. - An error in WebKit, which can be exploited via a web page that calls the JavaScript setInterval method, which triggers an incompatibility between the 'WTF::currentTime' and 'base::Time' functions. - Error in 'WebFrameLoaderClient::dispatchDidChangeLocationWithinPage' function in 'src/webkit/glue/webframeloaderclient_impl.cc' and which can be exploited via a page-local link, related to an 'empty redirect chain,' as demonstrated by a message in Yahoo! Mail.

Google Chrome version prior to 3.0.195.32 on Windows.

• http://googlechromereleases.blogspot.com/2009/11/stable-channel-update.html
• http://secunia.com/advisories/37273/
• http://securethoughts.com/2009/11/using-blended-browser-threats-involving-chrome-to-steal-files-on-your-computer/
• http://www.vupen.com/english/advisories/2009/3159

---

Updated on 2015-03-25