Multiple vulnerabilities in Techland Chrome
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 15 |
| CVE-ID | CVE-2011-3875 CVE-2011-3876 CVE-2011-3878 CVE-2011-3879 CVE-2011-3880 CVE-2011-3882 CVE-2011-3883 CVE-2011-3884 CVE-2011-3885 CVE-2011-3887 CVE-2011-3888 CVE-2011-3889 CVE-2011-3890 CVE-2011-3891 CVE-2011-2845 |
| CWE-ID | CWE-20 CWE-362 CWE-416 CWE-565 CWE-122 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Google Chrome Client/Desktop applications / Web browsers |
| Vendor |
Security Bulletin
This security bulletin contains information about 15 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU44559
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-3875
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
Google Chrome before 15.0.874.102 does not properly handle drag and drop operations on URL strings, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 15.0.874.0 - 15.0.874.101
CPE2.3- cpe:2.3:a:google:google_chrome:15.0.874.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:15.0.874.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:15.0.874.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=88949
https://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/70953
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12275
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU44560
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-3876
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 15.0.874.102 does not properly handle downloading files that have whitespace characters at the end of a filename, which has unspecified impact and user-assisted remote attack vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 15.0.874.0 - 15.0.874.101
CPE2.3- cpe:2.3:a:google:google_chrome:15.0.874.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:15.0.874.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:15.0.874.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=90217
https://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/70954
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13042
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Race condition
EUVDB-ID: #VU44561
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-3878
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Race condition in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to worker process initialization.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 15.0.874.0 - 15.0.874.101
CPE2.3- cpe:2.3:a:google:google_chrome:15.0.874.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:15.0.874.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:15.0.874.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=94487
https://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/70956
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12811
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU44562
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-3879
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 15.0.874.102 does not prevent redirects to chrome: URLs, which has unspecified impact and remote attack vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 15.0.874.0 - 15.0.874.101
CPE2.3- cpe:2.3:a:google:google_chrome:15.0.874.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:15.0.874.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:15.0.874.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=95374
https://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/70957
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13246
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU44563
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-3880
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 15.0.874.102 does not prevent use of an unspecified special character as a delimiter in HTTP headers, which has unknown impact and remote attack vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 15.0.874.0 - 15.0.874.101
CPE2.3- cpe:2.3:a:google:google_chrome:15.0.874.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:15.0.874.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:15.0.874.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=95992
https://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/70958
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12672
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use-after-free
EUVDB-ID: #VU44564
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-3882
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to media buffers. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 15.0.874.102.
Vulnerable software versionsGoogle Chrome: 15.0.874.0 - 15.0.874.101
CPE2.3- cpe:2.3:a:google:google_chrome:15.0.874.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:15.0.874.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:15.0.874.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=96292
https://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/70960
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13266
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Use-after-free
EUVDB-ID: #VU44565
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-3883
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to counters. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 15.0.874.102.
Vulnerable software versionsGoogle Chrome: 15.0.874.0 - 15.0.874.101
CPE2.3- cpe:2.3:a:google:google_chrome:15.0.874.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:15.0.874.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:15.0.874.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=96902
https://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/70961
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13091
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Input validation error
EUVDB-ID: #VU44566
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-3884
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 15.0.874.102 does not properly address timing issues during DOM traversal, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 15.0.874.0 - 15.0.874.101
CPE2.3- cpe:2.3:a:google:google_chrome:15.0.874.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:15.0.874.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:15.0.874.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=97148
https://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/70962
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13196
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Use-after-free
EUVDB-ID: #VU44567
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-3885
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to stale Cascading Style Sheets (CSS) token-sequence data. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 15.0.874.102.
Vulnerable software versionsGoogle Chrome: 15.0.874.0 - 15.0.874.101
CPE2.3- cpe:2.3:a:google:google_chrome:15.0.874.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:15.0.874.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:15.0.874.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=100059
https://code.google.com/p/chromium/issues/detail?id=97599
https://code.google.com/p/chromium/issues/detail?id=98064
https://code.google.com/p/chromium/issues/detail?id=98556
https://code.google.com/p/chromium/issues/detail?id=99294
https://code.google.com/p/chromium/issues/detail?id=99880
https://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
https://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html
https://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
https://secunia.com/advisories/48274
https://secunia.com/advisories/48288
https://secunia.com/advisories/48377
https://www.securitytracker.com/id?1026774
https://exchange.xforce.ibmcloud.com/vulnerabilities/70963
https://exchange.xforce.ibmcloud.com/vulnerabilities/73804
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13216
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Reliance on Cookies without Validation and Integrity Checking
EUVDB-ID: #VU44568
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-3887
CWE-ID:
CWE-565 - Reliance on Cookies without Validation and Integrity Checking
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 15.0.874.0 - 15.0.874.101
CPE2.3- cpe:2.3:a:google:google_chrome:15.0.874.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:15.0.874.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:15.0.874.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=98407
https://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
https://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
https://secunia.com/advisories/48288
https://secunia.com/advisories/48377
https://www.securitytracker.com/id?1026774
https://exchange.xforce.ibmcloud.com/vulnerabilities/70965
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13179
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Use-after-free
EUVDB-ID: #VU44569
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-3888
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to editing operations in conjunction with an unknown plug-in. A user-assisted remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 15.0.874.102.
Vulnerable software versionsGoogle Chrome: 15.0.874.0 - 15.0.874.101
CPE2.3- cpe:2.3:a:google:google_chrome:15.0.874.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:15.0.874.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:15.0.874.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=99138
https://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
https://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html
https://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
https://secunia.com/advisories/48274
https://secunia.com/advisories/48288
https://secunia.com/advisories/48377
https://www.securitytracker.com/id?1026774
https://exchange.xforce.ibmcloud.com/vulnerabilities/70966
https://exchange.xforce.ibmcloud.com/vulnerabilities/73805
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13107
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Heap-based buffer overflow
EUVDB-ID: #VU44570
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-3889
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Heap-based buffer overflow in the Web Audio implementation in Google Chrome before 15.0.874.102. A remote attacker can use unknown vectors. to trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate to version 15.0.874.102.
Vulnerable software versionsGoogle Chrome: 15.0.874.0 - 15.0.874.101
CPE2.3- cpe:2.3:a:google:google_chrome:15.0.874.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:15.0.874.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:15.0.874.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=99211
https://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/70967
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12860
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Use-after-free
EUVDB-ID: #VU44571
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-3890
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to video source handling. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 15.0.874.102.
Vulnerable software versionsGoogle Chrome: 15.0.874.0 - 15.0.874.101
CPE2.3- cpe:2.3:a:google:google_chrome:15.0.874.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:15.0.874.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:15.0.874.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=99553
https://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/70968
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12286
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Input validation error
EUVDB-ID: #VU44572
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-3891
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 15.0.874.102 does not properly restrict access to internal Google V8 functions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 15.0.874.0 - 15.0.874.101
CPE2.3- cpe:2.3:a:google:google_chrome:15.0.874.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:15.0.874.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:15.0.874.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=100322
https://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/70969
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13172
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Input validation error
EUVDB-ID: #VU44573
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-2845
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
Google Chrome before 15.0.874.102 does not properly handle history data, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 15.0.874.0 - 15.0.874.101
CPE2.3- cpe:2.3:a:google:google_chrome:15.0.874.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:15.0.874.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:15.0.874.2:*:*:*:*:*:*:*
https://code.google.com/p/chromium/issues/detail?id=86758
https://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
https://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
https://support.apple.com/kb/HT5400
https://support.apple.com/kb/HT5503
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13044
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
