SB2012012402 - Multiple vulnerabilities in Techland Chrome
Published: January 24, 2012 Updated: August 11, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2011-3924)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to DOM selections. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
2) Heap-based buffer overflow (CVE-ID: CVE-2011-3926)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Heap-based buffer overflow in the tree builder in Google Chrome before 16.0.912.77. A remote attacker can use unknown vectors. to trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
3) Improper Initialization (CVE-ID: CVE-2011-3927)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Skia, as used in Google Chrome before 16.0.912.77, does not perform all required initialization of values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
4) Use-after-free (CVE-ID: CVE-2011-3928)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to DOM handling. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Remediation
Install update from vendor's website.
References
- http://code.google.com/p/chromium/issues/detail?id=106484
- http://googlechromereleases.blogspot.com/2012/01/stable-channel-update_23.html
- http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html
- http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
- http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
- http://secunia.com/advisories/47694
- http://support.apple.com/kb/HT5400
- http://support.apple.com/kb/HT5485
- http://support.apple.com/kb/HT5503
- http://www.securitytracker.com/id?1026569
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13887
- http://code.google.com/p/chromium/issues/detail?id=109556
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14552
- http://code.google.com/p/chromium/issues/detail?id=108605
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13948
- http://code.google.com/p/chromium/issues/detail?id=108461
- http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html
- http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
- http://secunia.com/advisories/48288
- http://secunia.com/advisories/48377
- http://www.securitytracker.com/id?1026774
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73809
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14441