The host is installed with Google Chrome before 27.0.1453.93 and is prone to multiple cross-site scripting (XSS) vulnerabilities. The flaws are present in the application, which fails to handle vectors involving a drag-and-drop or copy-and-paste operation. Successful exploitation allows attackers to inject arbitrary web script or HTML.