Multiple vulnerabilities in Techland Chrome
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 30 |
| CVE-ID | CVE-2011-2830 CVE-2011-2849 CVE-2011-2850 CVE-2011-2851 CVE-2011-2852 CVE-2011-2853 CVE-2011-2854 CVE-2011-2855 CVE-2011-2856 CVE-2011-2857 CVE-2011-2858 CVE-2011-2859 CVE-2011-2860 CVE-2011-2861 CVE-2011-2862 CVE-2011-2864 CVE-2011-2874 CVE-2011-2875 CVE-2011-3234 CVE-2011-2834 CVE-2011-2835 CVE-2011-2836 CVE-2011-2838 CVE-2011-2840 CVE-2011-2841 CVE-2011-2843 CVE-2011-2844 CVE-2011-2846 CVE-2011-2847 CVE-2011-2848 |
| CWE-ID | CWE-20 CWE-476 CWE-125 CWE-193 CWE-416 CWE-74 CWE-346 CWE-276 CWE-264 CWE-295 CWE-843 CWE-415 CWE-362 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #25 is available. |
| Vulnerable software |
Google Chrome Client/Desktop applications / Web browsers |
| Vendor |
Security Bulletin
This security bulletin contains information about 30 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU44554
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-2830
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google V8, as used in Google Chrome before 14.0.835.163, does not properly implement script object wrappers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=76771
https://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14336
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) NULL pointer dereference
EUVDB-ID: #VU44710
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-2849
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via unspecified vectors.
MitigationUpdate to version 14.0.835.163.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=89795
https://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
https://osvdb.org/75549
https://exchange.xforce.ibmcloud.com/vulnerabilities/69875
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14047
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds read
EUVDB-ID: #VU44711
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-2850
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Google Chrome before 14.0.835.163 does not properly handle Khmer characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=90134
https://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
https://osvdb.org/75551
https://exchange.xforce.ibmcloud.com/vulnerabilities/69877
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14710
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU44712
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-2851
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Google Chrome before 14.0.835.163 does not properly handle video, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=90173
https://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
https://osvdb.org/75552
https://exchange.xforce.ibmcloud.com/vulnerabilities/69878
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14040
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Off-by-one
EUVDB-ID: #VU44713
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-2852
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Off-by-one error in Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=91120
https://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
https://osvdb.org/75553
https://exchange.xforce.ibmcloud.com/vulnerabilities/69879
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14551
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use-after-free
EUVDB-ID: #VU44714
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-2853
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to plug-in handling. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 14.0.835.163.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=91197
https://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
https://osvdb.org/75555
https://exchange.xforce.ibmcloud.com/vulnerabilities/69880
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14395
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Use-after-free
EUVDB-ID: #VU44715
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-2854
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to "ruby / table style handing. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 14.0.835.163.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=92651
https://code.google.com/p/chromium/issues/detail?id=94800
https://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
https://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html
https://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
https://osvdb.org/75556
https://secunia.com/advisories/48274
https://secunia.com/advisories/48288
https://secunia.com/advisories/48377
https://www.securitytracker.com/id?1026774
https://exchange.xforce.ibmcloud.com/vulnerabilities/69881
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14691
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improper Neutralization of Special Elements in Output Used by a Downstream Component
EUVDB-ID: #VU44716
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-2855
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node."
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=92959
https://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
https://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html
https://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
https://osvdb.org/75557
https://secunia.com/advisories/48274
https://secunia.com/advisories/48288
https://secunia.com/advisories/48377
https://www.securitytracker.com/id?1026774
https://exchange.xforce.ibmcloud.com/vulnerabilities/69882
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14485
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Origin validation error
EUVDB-ID: #VU44717
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-2856
CWE-ID:
CWE-346 - Origin Validation Error
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=93416
https://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
https://osvdb.org/75558
https://exchange.xforce.ibmcloud.com/vulnerabilities/69883
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14262
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use-after-free
EUVDB-ID: #VU44718
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-2857
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to the focus controller. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 14.0.835.163.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=93420
https://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
https://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html
https://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
https://osvdb.org/75559
https://secunia.com/advisories/48274
https://secunia.com/advisories/48288
https://secunia.com/advisories/48377
https://www.securitytracker.com/id?1026774
https://exchange.xforce.ibmcloud.com/vulnerabilities/69884
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14593
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Out-of-bounds read
EUVDB-ID: #VU44719
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-2858
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Google Chrome before 14.0.835.163 does not properly handle triangle arrays, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=95625
https://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
https://osvdb.org/75566
https://exchange.xforce.ibmcloud.com/vulnerabilities/69891
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14592
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Incorrect default permissions
EUVDB-ID: #VU44720
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-2859
CWE-ID:
CWE-276 - Incorrect Default Permissions
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 14.0.835.163 uses incorrect permissions for non-gallery pages, which has unspecified impact and attack vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=93497
https://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
https://osvdb.org/75561
https://exchange.xforce.ibmcloud.com/vulnerabilities/69886
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14594
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Use-after-free
EUVDB-ID: #VU44721
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-2860
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to table styles. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 14.0.835.163.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=93587
https://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
https://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html
https://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
https://osvdb.org/75562
https://secunia.com/advisories/48274
https://secunia.com/advisories/48288
https://secunia.com/advisories/48377
https://www.securitytracker.com/id?1026774
https://exchange.xforce.ibmcloud.com/vulnerabilities/69887
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14499
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Input validation error
EUVDB-ID: #VU44722
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-2861
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 14.0.835.163 does not properly handle strings in PDF documents, which allows remote attackers to have an unspecified impact via a crafted document that triggers an incorrect read operation.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=93596
https://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
https://osvdb.org/75563
https://exchange.xforce.ibmcloud.com/vulnerabilities/69888
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14677
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU44723
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-2862
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google V8, as used in Google Chrome before 14.0.835.163, does not properly restrict access to built-in objects, which has unspecified impact and remote attack vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=93906
https://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
https://osvdb.org/75564
https://exchange.xforce.ibmcloud.com/vulnerabilities/69889
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14431
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Out-of-bounds read
EUVDB-ID: #VU44724
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-2864
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Google Chrome before 14.0.835.163 does not properly handle Tibetan characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=95563
https://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
https://osvdb.org/75565
https://exchange.xforce.ibmcloud.com/vulnerabilities/69890
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14296
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Improper Certificate Validation
EUVDB-ID: #VU44725
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-2874
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 14.0.835.163 does not perform an expected pin operation for a self-signed certificate during a session, which has unspecified impact and remote attack vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=95917
https://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
https://osvdb.org/75567
https://exchange.xforce.ibmcloud.com/vulnerabilities/69892
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14454
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Type Confusion
EUVDB-ID: #VU44726
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-2875
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google V8, as used in Google Chrome before 14.0.835.163, does not properly perform object sealing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=95920
https://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
https://osvdb.org/75554
https://exchange.xforce.ibmcloud.com/vulnerabilities/69893
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Out-of-bounds read
EUVDB-ID: #VU44727
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-3234
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Google Chrome before 14.0.835.163 does not properly handle boxes, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=89991
https://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
https://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html
https://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
https://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html
https://osvdb.org/75550
https://support.apple.com/kb/HT4981
https://support.apple.com/kb/HT4999
https://support.apple.com/kb/HT5000
https://exchange.xforce.ibmcloud.com/vulnerabilities/69876
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14224
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Double Free
EUVDB-ID: #VU44728
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-2834
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=93472
https://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
https://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
https://lists.apple.com/archives/security-announce/2012/May/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
https://osvdb.org/75560
https://rhn.redhat.com/errata/RHSA-2013-0217.html
https://support.apple.com/kb/HT5281
https://support.apple.com/kb/HT5503
https://www.debian.org/security/2012/dsa-2394
https://www.mandriva.com/security/advisories?name=MDVSA-2011:145
https://www.redhat.com/support/errata/RHSA-2011-1749.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/69885
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14410
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Race condition
EUVDB-ID: #VU44729
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-2835
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Race condition in Google Chrome before 14.0.835.163 allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the certificate cache.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=49377
https://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
https://osvdb.org/75536
https://exchange.xforce.ibmcloud.com/vulnerabilities/69862
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14234
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Input validation error
EUVDB-ID: #VU44730
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-2836
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 14.0.835.163 does not require Infobar interaction before use of the Windows Media Player plug-in, which makes it easier for remote attackers to have an unspecified impact via crafted Flash content.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=51464
https://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
https://osvdb.org/75537
https://exchange.xforce.ibmcloud.com/vulnerabilities/69863
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13966
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Input validation error
EUVDB-ID: #VU44731
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-2838
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 14.0.835.163 does not properly consider the MIME type during the loading of a plug-in, which has unspecified impact and remote attack vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=75070
https://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
https://osvdb.org/75539
https://exchange.xforce.ibmcloud.com/vulnerabilities/69865
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14261
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Input validation error
EUVDB-ID: #VU44732
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-2840
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
Google Chrome before 14.0.835.163 allows user-assisted remote attackers to spoof the URL bar via vectors related to "unusual user interaction."
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=78427
https://code.google.com/p/chromium/issues/detail?id=83031
https://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
https://osvdb.org/75546
https://exchange.xforce.ibmcloud.com/vulnerabilities/69867
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14491
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Input validation error
EUVDB-ID: #VU44733
Risk: Medium
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2011-2841
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 14.0.835.163 does not properly perform garbage collection during the processing of PDF documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=78639
https://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
https://osvdb.org/75541
https://securityreason.com/securityalert/8411
https://exchange.xforce.ibmcloud.com/vulnerabilities/69868
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14019
https://www.exploit-db.com/exploits/17929/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
26) Out-of-bounds read
EUVDB-ID: #VU44734
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-2843
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Google Chrome before 14.0.835.163 does not properly handle media buffers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=82438
https://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
https://osvdb.org/75543
https://exchange.xforce.ibmcloud.com/vulnerabilities/69870
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14547
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Out-of-bounds read
EUVDB-ID: #VU44735
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-2844
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Google Chrome before 14.0.835.163 does not properly process MP3 files, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=85041
https://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
https://osvdb.org/75544
https://exchange.xforce.ibmcloud.com/vulnerabilities/69871
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14696
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Use-after-free
EUVDB-ID: #VU44736
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-2846
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to unload event handling. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 14.0.835.163.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=89219
https://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
https://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html
https://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
https://osvdb.org/75545
https://secunia.com/advisories/48274
https://secunia.com/advisories/48288
https://secunia.com/advisories/48377
https://www.securitytracker.com/id?1026774
https://exchange.xforce.ibmcloud.com/vulnerabilities/69872
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14451
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Use-after-free
EUVDB-ID: #VU44737
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-2847
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing a crafted document. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 14.0.835.163.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=89330
https://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
https://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html
https://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
https://osvdb.org/75547
https://secunia.com/advisories/48274
https://secunia.com/advisories/48288
https://secunia.com/advisories/48377
https://www.securitytracker.com/id?1026774
https://exchange.xforce.ibmcloud.com/vulnerabilities/69873
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14695
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Input validation error
EUVDB-ID: #VU44738
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-2848
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
Google Chrome before 14.0.835.163 allows user-assisted remote attackers to spoof the URL bar via vectors related to the forward button.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=89564
https://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
https://osvdb.org/75548
https://exchange.xforce.ibmcloud.com/vulnerabilities/69874
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13915
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
