SB2011102503 - Multiple vulnerabilities in Techland Chrome
Published: October 25, 2011 Updated: January 28, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Cross-site scripting (CVE-ID: CVE-2011-3877)
Vulnerability allows a remote attacker to perform XSS attacks.
The vulnerability is caused by an input validation error in the appcache internals page in Google Chrome before 15.0.874.102. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
2) Universal cross-site scripting (CVE-ID: CVE-2011-3881)
The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data when processing data passed via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedPropertyInPrototypeChain function and use of an __proto__ property, (3) the HTMLPlugInImageElement::allowedToLoadFrameURL function and use of a javascript: URL, (4) incorrect origins for XSLT-generated documents in the XSLTProcessor::createDocumentFromSource function, and (5) improper handling of synchronous frame loads in the ScriptController::executeIfJavaScriptURL function. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
Remediation
Install update from vendor's website.
References
- http://code.google.com/p/chromium/issues/detail?id=91218
- http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/70955
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12763
- http://code.google.com/p/chromium/issues/detail?id=96047
- http://code.google.com/p/chromium/issues/detail?id=96885
- http://code.google.com/p/chromium/issues/detail?id=98053
- http://code.google.com/p/chromium/issues/detail?id=99512
- http://code.google.com/p/chromium/issues/detail?id=99750
- http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html
- http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
- http://secunia.com/advisories/48288
- http://secunia.com/advisories/48377
- http://www.rafayhackingarticles.net/2014/10/a-tale-of-another-sop-bypass-in-android.html
- http://www.securitytracker.com/id?1026774
- https://android.googlesource.com/platform/external/webkit/+/109d59bf6fe4abfd001fc60ddd403f1046b117ef
- https://exchange.xforce.ibmcloud.com/vulnerabilities/70959
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12940