SB2012021601 - Multiple vulnerabilities in Techland Chrome
Published: February 16, 2012 Updated: August 11, 2020
Description
This security bulletin contains information about 12 security vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2011-3025)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Google Chrome before 17.0.963.56 does not properly parse H.264 data, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
2) Integer overflow (CVE-ID: CVE-2011-3026)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.
3) Type conversion (CVE-ID: CVE-2011-3027)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Google Chrome before 17.0.963.56 does not properly perform a cast of an unspecified variable during handling of columns, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
4) Integer overflow (CVE-ID: CVE-2011-3015)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Multiple integer overflows in the PDF codecs in Google Chrome before 17.0.963.56 allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
5) Use-after-free (CVE-ID: CVE-2011-3016)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error triggered via vectors involving counter nodes, related to a "read-after-free" issue. A remote attacker can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
6) Use-after-free (CVE-ID: CVE-2011-3017)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error triggered via vectors related to database handling. A remote attacker can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
7) Heap-based buffer overflow (CVE-ID: CVE-2011-3018)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Google Chrome before 17.0.963.56. A remote attacker can use vectors related to path rendering to trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
8) Heap-based buffer overflow (CVE-ID: CVE-2011-3019)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Google Chrome before 17.0.963.56. A remote attacker can use a crafted Matroska video to trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
9) Input validation error (CVE-ID: CVE-2011-3020)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Unspecified vulnerability in the Native Client validator implementation in Google Chrome before 17.0.963.56 has unknown impact and remote attack vectors.
10) Use-after-free (CVE-ID: CVE-2011-3021)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error triggered via vectors related to subframe loading. A remote attacker can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
11) Use-after-free (CVE-ID: CVE-2011-3023)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error triggered via vectors related to drag-and-drop operations. A user-assisted remote attacker can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
12) Improper Certificate Validation (CVE-ID: CVE-2011-3024)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service (application crash) via an empty X.509 certificate.
Remediation
Install update from vendor's website.