The host is installed with Google Chrome before 28.0.1500.71 and is prone to multiple unspecified vulnerabilities. The flaws are present in common/extensions/sync_helper.cc, which proceeds with sync operations for NPAPI extensions without checking for a certain plugin permission setting. Successful exploitation allows remote attackers to trigger unwanted extension changes.