SB2011121301 - Multiple vulnerabilities in Techland Chrome
Published: December 13, 2011 Updated: August 11, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 15 secuirty vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2011-3904)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to bidirectional text (aka bidi) handling. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
2) Out-of-bounds read (CVE-ID: CVE-2011-3905)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
3) Out-of-bounds read (CVE-ID: CVE-2011-3906)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The PDF parser in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
4) Input validation error (CVE-ID: CVE-2011-3907)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
The view-source feature in Google Chrome before 16.0.912.63 allows remote attackers to spoof the URL bar via unspecified vectors.
5) Out-of-bounds read (CVE-ID: CVE-2011-3908)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Google Chrome before 16.0.912.63 does not properly parse SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
6) Buffer overflow (CVE-ID: CVE-2011-3909)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The Cascading Style Sheets (CSS) implementation in Google Chrome before 16.0.912.63 on 64-bit platforms does not properly manage property arrays, which allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors.
7) Out-of-bounds read (CVE-ID: CVE-2011-3910)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Google Chrome before 16.0.912.63 does not properly handle YUV video frames, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
8) Out-of-bounds read (CVE-ID: CVE-2011-3911)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Google Chrome before 16.0.912.63 does not properly handle PDF documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
9) Use-after-free (CVE-ID: CVE-2011-3912)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to SVG filters. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
10) Use-after-free (CVE-ID: CVE-2011-3913)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to Range handling. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
11) Out-of-bounds write (CVE-ID: CVE-2011-3914)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The internationalization (aka i18n) functionality in Google V8, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.
12) Buffer overflow (CVE-ID: CVE-2011-3915)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Buffer overflow in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PDF fonts.
13) Out-of-bounds read (CVE-ID: CVE-2011-3916)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Google Chrome before 16.0.912.63 does not properly handle PDF cross references, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
14) Stack-based buffer overflow (CVE-ID: CVE-2011-3917)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing unknown vectors. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
15) Incorrect Comparison (CVE-ID: CVE-2011-3903)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Google Chrome before 16.0.912.63 does not properly perform regex matching, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Remediation
Install update from vendor's website.
References
- http://code.google.com/p/chromium/issues/detail?id=107258
- http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html
- https://bugs.webkit.org/show_bug.cgi?id=66015
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14494
- http://code.google.com/p/chromium/issues/detail?id=95465
- http://rhn.redhat.com/errata/RHSA-2013-0217.html
- http://www.debian.org/security/2012/dsa-2394
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:188
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14761
- http://code.google.com/p/chromium/issues/detail?id=98809
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14548
- http://code.google.com/p/chromium/issues/detail?id=99016
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14299
- http://code.google.com/p/chromium/issues/detail?id=100863
- http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html
- http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html
- http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
- http://secunia.com/advisories/48274
- http://secunia.com/advisories/48288
- http://secunia.com/advisories/48377
- http://www.securitytracker.com/id?1026774
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73807
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14791
- http://code.google.com/p/chromium/issues/detail?id=101010
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73808
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14579
- http://code.google.com/p/chromium/issues/detail?id=101494
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14517
- http://code.google.com/p/chromium/issues/detail?id=101779
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14683
- http://code.google.com/p/chromium/issues/detail?id=102359
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14519
- http://code.google.com/p/chromium/issues/detail?id=103921
- http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html
- http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
- http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
- http://support.apple.com/kb/HT5400
- http://support.apple.com/kb/HT5485
- http://support.apple.com/kb/HT5503
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14527
- http://code.google.com/p/chromium/issues/detail?id=104011
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14840
- http://code.google.com/p/chromium/issues/detail?id=104529
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14569
- http://code.google.com/p/chromium/issues/detail?id=104959
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14315
- http://code.google.com/p/chromium/issues/detail?id=105162
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14847
- http://code.google.com/p/chromium/issues/detail?id=81753
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14704