SB2011020401 - Multiple vulnerabilities in Techland Chrome
Published: February 4, 2011 Updated: August 11, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 6 secuirty vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2011-0777)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to image loading. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
2) Input validation error (CVE-ID: CVE-2011-0779)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Google Chrome before 9.0.597.84 does not properly handle a missing key in an extension, which allows remote attackers to cause a denial of service (application crash) via a crafted extension.
3) Input validation error (CVE-ID: CVE-2011-0780)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The PDF event handler in Google Chrome before 9.0.597.84 does not properly interact with print operations, which allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
4) Input validation error (CVE-ID: CVE-2011-0781)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 9.0.597.84 does not properly handle autofill profile merging, which has unspecified impact and remote attack vectors.
5) Input validation error (CVE-ID: CVE-2011-0783)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Unspecified vulnerability in Google Chrome before 9.0.597.84 allows user-assisted remote attackers to cause a denial of service (application crash) via vectors involving a "bad volume setting."
6) Race condition (CVE-ID: CVE-2011-0784)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Race condition in Google Chrome before 9.0.597.84 allows remote attackers to execute arbitrary code via vectors related to audio.
Remediation
Install update from vendor's website.
References
- http://code.google.com/p/chromium/issues/detail?id=55831
- http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html
- http://secunia.com/advisories/43368
- http://www.debian.org/security/2011/dsa-2166
- http://www.vupen.com/english/advisories/2011/0408
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14514
- http://code.google.com/p/chromium/issues/detail?id=62791
- http://secunia.com/advisories/43782
- http://www.debian.org/security/2011/dsa-2192
- http://www.vupen.com/english/advisories/2011/0671
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14540
- http://code.google.com/p/chromium/issues/detail?id=64051
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14530
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14413
- http://code.google.com/p/chromium/issues/detail?id=68244
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14730
- http://code.google.com/p/chromium/issues/detail?id=69195
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14108