SB2012032501 - Gentoo update for Chromium

Description

This security bulletin contains information about 25 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2011-3031)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing unknown vectors. A remote attackers can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

2) Use-after-free (CVE-ID: CVE-2011-3032)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors related to the handling of SVG values. A remote attackers can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

3) Buffer overflow (CVE-ID: CVE-2011-3033)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Buffer overflow in Skia, as used in Google Chrome before 17.0.963.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

4) Use-after-free (CVE-ID: CVE-2011-3034)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors involving an SVG document. A remote attackers can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

5) Use-after-free (CVE-ID: CVE-2011-3035)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors involving SVG use elements. A remote attackers can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

6) Type conversion (CVE-ID: CVE-2011-3036)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Google Chrome before 17.0.963.65 does not properly perform a cast of an unspecified variable during handling of line boxes, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.

7) Type conversion (CVE-ID: CVE-2011-3037)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Google Chrome before 17.0.963.65 does not properly perform casts of unspecified variables during the splitting of anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.

8) Use-after-free (CVE-ID: CVE-2011-3038)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors related to multi-column handling. A remote attackers can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

9) Use-after-free (CVE-ID: CVE-2011-3039)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors related to quote handling. A remote attackers can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

10) Out-of-bounds read (CVE-ID: CVE-2011-3040)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Google Chrome before 17.0.963.65 does not properly handle text, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.

11) Use-after-free (CVE-ID: CVE-2011-3041)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors related to the handling of class attributes. A remote attackers can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

12) Use-after-free (CVE-ID: CVE-2011-3042)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors related to the handling of table sections. A remote attackers can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

13) Use-after-free (CVE-ID: CVE-2011-3043)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors involving a flexbox (aka flexible box) in conjunction with the floating of elements. A remote attackers can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

14) Use-after-free (CVE-ID: CVE-2011-3044)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors involving SVG animation elements. A remote attackers can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

15) Universal cross-site scripting (CVE-ID: CVE-2011-3046)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data passed via "The extension subsystem" when leveraging a "Universal XSS (UXSS)" issue. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website .

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

16) Buffer overflow (CVE-ID: CVE-2011-3047)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The GPU process in Google Chrome before 17.0.963.79 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) by leveraging an error in the plug-in loading mechanism.

17) Input validation error (CVE-ID: CVE-2011-3049)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Google Chrome before 17.0.963.83 does not properly restrict the extension web request API, which allows remote attackers to cause a denial of service (disrupted system requests) via a crafted extension.

18) Use-after-free (CVE-ID: CVE-2011-3050)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors related to the :first-letter pseudo-element. A remote attackers can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

19) Use-after-free (CVE-ID: CVE-2011-3051)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors related to the cross-fade function. A remote attackers can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

20) Buffer overflow (CVE-ID: CVE-2011-3052)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The WebGL implementation in Google Chrome before 17.0.963.83 does not properly handle CANVAS elements, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

21) Use-after-free (CVE-ID: CVE-2011-3053)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors related to block splitting. A remote attackers can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

22) Improper Privilege Management (CVE-ID: CVE-2011-3054)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The WebUI privilege implementation in Google Chrome before 17.0.963.83 does not properly perform isolation, which allows remote attackers to bypass intended access restrictions via unspecified vectors.

23) Missing Authentication for Critical Function (CVE-ID: CVE-2011-3055)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The browser native UI in Google Chrome before 17.0.963.83 does not require user confirmation before an unpacked extension installation, which allows user-assisted remote attackers to have an unspecified impact via a crafted extension.

24) Origin validation error (CVE-ID: CVE-2011-3056)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe."

25) Out-of-bounds read (CVE-ID: CVE-2011-3057)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Google V8, as used in Google Chrome before 17.0.963.83, allows remote attackers to cause a denial of service via vectors that trigger an invalid read operation.

Remediation

Install update from vendor's website.

References

• https://security.gentoo.org/
• https://security.gentoo.org/glsa/201203-19