SB2012032202 - Multiple vulnerabilities in Techland Chrome
Published: March 22, 2012 Updated: August 11, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 9 vulnerabilities.
1) Input validation error (CVE-ID: CVE-2011-3049)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Google Chrome before 17.0.963.83 does not properly restrict the extension web request API, which allows remote attackers to cause a denial of service (disrupted system requests) via a crafted extension.
2) Integer overflow (CVE-ID: CVE-2011-3045)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.
3) Use-after-free (CVE-ID: CVE-2011-3050)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to the :first-letter pseudo-element. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
4) Use-after-free (CVE-ID: CVE-2011-3051)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to the cross-fade function. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
5) Use-after-free (CVE-ID: CVE-2011-3053)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to block splitting. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
6) Improper Privilege Management (CVE-ID: CVE-2011-3054)
CWE-ID: CWE-269 - Improper Privilege Management
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to manipulate data.
The WebUI privilege implementation in Google Chrome before 17.0.963.83 does not properly perform isolation, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
7) Missing Authentication for Critical Function (CVE-ID: CVE-2011-3055)
CWE-ID: CWE-306 - Missing Authentication for Critical Function
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to manipulate data.
The browser native UI in Google Chrome before 17.0.963.83 does not require user confirmation before an unpacked extension installation, which allows user-assisted remote attackers to have an unspecified impact via a crafted extension.
8) Origin validation error (CVE-ID: CVE-2011-3056)
CWE-ID: CWE-346 - Origin Validation Error
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe."
9) Out-of-bounds read (CVE-ID: CVE-2011-3057)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Google V8, as used in Google Chrome before 17.0.963.83, allows remote attackers to cause a denial of service via vectors that trigger an invalid read operation.
Remediation
Install update from vendor's website.
References
- http://code.google.com/p/chromium/issues/detail?id=108648
- http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html
- http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html
- http://osvdb.org/80295
- http://secunia.com/advisories/48527
- http://security.gentoo.org/glsa/glsa-201203-19.xml
- http://www.securityfocus.com/bid/52674
- http://www.securitytracker.com/id?1026841
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74218
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15049
- http://code.google.com/p/chromium/issues/detail?id=116162
- http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b
- http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075424.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075619.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075981.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075987.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076461.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076731.html
- http://lists.opensuse.org/opensuse-updates/2012-03/msg00051.html
- http://rhn.redhat.com/errata/RHSA-2012-0407.html
- http://rhn.redhat.com/errata/RHSA-2012-0488.html
- http://secunia.com/advisories/48320
- http://secunia.com/advisories/48485
- http://secunia.com/advisories/48512
- http://secunia.com/advisories/48554
- http://secunia.com/advisories/49660
- http://security.gentoo.org/glsa/glsa-201206-15.xml
- http://src.chromium.org/viewvc/chrome?view=rev&revision=125311
- http://www.debian.org/security/2012/dsa-2439
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:033
- http://www.securitytracker.com/id?1026823
- https://bugzilla.redhat.com/show_bug.cgi?id=799000
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14763
- http://code.google.com/p/chromium/issues/detail?id=113902
- http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html
- http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
- http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
- http://osvdb.org/80288
- http://support.apple.com/kb/HT5400
- http://support.apple.com/kb/HT5485
- http://support.apple.com/kb/HT5503
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74210
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14414
- http://code.google.com/p/chromium/issues/detail?id=116461
- http://osvdb.org/80289
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74211
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15016
- http://code.google.com/p/chromium/issues/detail?id=116746
- http://osvdb.org/80291
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74213
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14658
- http://code.google.com/p/chromium/issues/detail?id=117418
- http://osvdb.org/80292
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74214
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15028
- http://code.google.com/p/chromium/issues/detail?id=117736
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74215
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15033
- http://code.google.com/p/chromium/issues/detail?id=117550
- http://lists.apple.com/archives/security-announce/2012/May/msg00000.html
- http://lists.apple.com/archives/security-announce/2012/May/msg00002.html
- http://osvdb.org/80294
- http://osvdb.org/81794
- http://secunia.com/advisories/47292
- http://support.apple.com/kb/HT5282
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74216
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14962
- http://code.google.com/p/chromium/issues/detail?id=117794
- http://secunia.com/advisories/48618
- http://secunia.com/advisories/48691
- http://secunia.com/advisories/48763
- http://www.securitytracker.com/id?1026877
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74217
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14385