SB2011030203 - Multiple vulnerabilities in Techland Chrome
Published: March 2, 2011 Updated: August 11, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 17 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2011-1107)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
Unspecified vulnerability in Google Chrome before 9.0.597.107 allows remote attackers to spoof the URL bar via unknown vectors.
2) Input validation error (CVE-ID: CVE-2011-1108)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 9.0.597.107 does not properly implement JavaScript dialogs, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document.
3) Input validation error (CVE-ID: CVE-2011-1109)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 9.0.597.107 does not properly process nodes in Cascading Style Sheets (CSS) stylesheets, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
4) Input validation error (CVE-ID: CVE-2011-1110)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 9.0.597.107 does not properly implement key frame rules, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
5) Input validation error (CVE-ID: CVE-2011-1111)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 9.0.597.107 does not properly implement forms controls, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
6) Input validation error (CVE-ID: CVE-2011-1112)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 9.0.597.107 does not properly perform SVG rendering, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
7) Input validation error (CVE-ID: CVE-2011-1114)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 9.0.597.107 does not properly handle tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node."
8) Input validation error (CVE-ID: CVE-2011-1115)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 9.0.597.107 does not properly render tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
9) Input validation error (CVE-ID: CVE-2011-1116)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 9.0.597.107 does not properly handle SVG animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
10) Input validation error (CVE-ID: CVE-2011-1117)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 9.0.597.107 does not properly handle XHTML documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale nodes."
11) Input validation error (CVE-ID: CVE-2011-1118)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 9.0.597.107 does not properly handle TEXTAREA elements, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document.
12) Input validation error (CVE-ID: CVE-2011-1119)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 9.0.597.107 does not properly determine device orientation, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
13) Out-of-bounds read (CVE-ID: CVE-2011-1120)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The WebGL implementation in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, aka Issue 71717.
14) Integer overflow (CVE-ID: CVE-2011-1121)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Integer overflow in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a TEXTAREA element.
15) Out-of-bounds read (CVE-ID: CVE-2011-1122)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The WebGL implementation in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, aka Issue 71960.
16) Use-after-free (CVE-ID: CVE-2011-1124)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to blocked plug-ins. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
17) Input validation error (CVE-ID: CVE-2011-1125)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 9.0.597.107 does not properly perform layout, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
Remediation
Install update from vendor's website.
References
- http://code.google.com/p/chromium/issues/detail?id=54262
- http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html
- http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html
- http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
- http://support.apple.com/kb/HT4808
- http://support.apple.com/kb/HT4999
- http://www.securityfocus.com/bid/46614
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65725
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14322
- http://code.google.com/p/chromium/issues/detail?id=63732
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65726
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14345
- http://code.google.com/p/chromium/issues/detail?id=68263
- http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html
- http://support.apple.com/kb/HT4981
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65727
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14422
- http://code.google.com/p/chromium/issues/detail?id=68741
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65728
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14415
- http://code.google.com/p/chromium/issues/detail?id=70078
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65729
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14245
- http://code.google.com/p/chromium/issues/detail?id=70244
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65730
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14648
- http://code.google.com/p/chromium/issues/detail?id=71114
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65732
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14404
- http://code.google.com/p/chromium/issues/detail?id=71115
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65733
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13641
- http://code.google.com/p/chromium/issues/detail?id=71296
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65734
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14205
- http://code.google.com/p/chromium/issues/detail?id=71386
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65735
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14487
- http://code.google.com/p/chromium/issues/detail?id=71388
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65736
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14341
- http://code.google.com/p/chromium/issues/detail?id=71595
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65737
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14542
- http://code.google.com/p/chromium/issues/detail?id=71717
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65738
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14459
- http://code.google.com/p/chromium/issues/detail?id=71855
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65739
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14685
- http://code.google.com/p/chromium/issues/detail?id=71960
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65740
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14559
- http://code.google.com/p/chromium/issues/detail?id=72437
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65742
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14563
- http://code.google.com/p/chromium/issues/detail?id=73235
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65743
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14368