SB2011060902 - Multiple vulnerabilities in Techland Chrome
Published: June 9, 2011 Updated: August 11, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 13 secuirty vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2011-1808)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to incorrect integer calculations during float handling. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
2) Use-after-free (CVE-ID: CVE-2011-1809)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing unknown vectors. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
3) Information disclosure (CVE-ID: CVE-2011-1810)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The Cascading Style Sheets (CSS) implementation in Google Chrome before 12.0.742.91 does not properly restrict access to the visit history, which allows remote attackers to obtain sensitive information via unspecified vectors.
4) Input validation error (CVE-ID: CVE-2011-1812)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 12.0.742.91 allows remote attackers to bypass intended access restrictions via vectors related to extensions.
5) Input validation error (CVE-ID: CVE-2011-1813)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 12.0.742.91 does not properly implement the framework for extensions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
6) Access of Uninitialized Pointer (CVE-ID: CVE-2011-1814)
The vulnerability allows a remote non-authenticated attacker to #BASIC_IMPACT#.
Google Chrome before 12.0.742.91 attempts to read data from an uninitialized pointer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
7) Cross-site scripting (CVE-ID: CVE-2011-1815)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
Google Chrome before 12.0.742.91 allows remote attackers to inject script into a tab page via vectors related to extensions.
8) Use-after-free (CVE-ID: CVE-2011-1816)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing unknown vectors. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
9) Buffer overflow (CVE-ID: CVE-2011-1817)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 12.0.742.91 does not properly implement history deletion, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
10) Use-after-free (CVE-ID: CVE-2011-1818)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing unknown vectors. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
11) Cross-site scripting (CVE-ID: CVE-2011-1819)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
Google Chrome before 12.0.742.91 allows remote attackers to perform unspecified injection into a chrome:// page via vectors related to extensions.
12) Input validation error (CVE-ID: CVE-2011-2332)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google V8, as used in Google Chrome before 12.0.742.91, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
13) Cross-site scripting (CVE-ID: CVE-2011-2342)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
The DOM implementation in Google Chrome before 12.0.742.91 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
Remediation
Install update from vendor's website.
References
- http://code.google.com/p/chromium/issues/detail?id=73962
- http://code.google.com/p/chromium/issues/detail?id=79746
- http://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html
- http://osvdb.org/72778
- http://secunia.com/advisories/44829
- http://www.securityfocus.com/bid/48129
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67891
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14659
- http://code.google.com/p/chromium/issues/detail?id=75496
- http://osvdb.org/72779
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67892
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14692
- http://code.google.com/p/chromium/issues/detail?id=75643
- http://osvdb.org/72780
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67893
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14433
- http://code.google.com/p/chromium/issues/detail?id=77026
- http://osvdb.org/72782
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67895
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14546
- http://code.google.com/p/chromium/issues/detail?id=78516
- http://osvdb.org/72783
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67896
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14481
- http://code.google.com/p/chromium/issues/detail?id=79362
- http://osvdb.org/72784
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67897
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14565
- http://code.google.com/p/chromium/issues/detail?id=79862
- http://osvdb.org/72785
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67898
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14728
- http://code.google.com/p/chromium/issues/detail?id=80358
- http://osvdb.org/72786
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67899
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13575
- http://code.google.com/p/chromium/issues/detail?id=81916
- http://osvdb.org/72787
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67900
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14128
- http://code.google.com/p/chromium/issues/detail?id=81949
- http://osvdb.org/72788
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67901
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14757
- http://code.google.com/p/chromium/issues/detail?id=83010
- http://osvdb.org/72789
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67902
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14616
- http://code.google.com/p/chromium/issues/detail?id=83275
- http://osvdb.org/72790
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67903
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14242
- http://code.google.com/p/chromium/issues/detail?id=83743
- http://osvdb.org/72791
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67904
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14663