Multiple vulnerabilities in Chrome



Updated: 2023-02-13
Risk: High
Patch available: YES
Number of vulnerabilities: 12
CVE-ID: CVE-2011-3105, CVE-2011-3106, CVE-2011-3107, CVE-2011-3108, CVE-2011-3110, CVE-2011-3111, CVE-2011-3112, CVE-2011-3113, CVE-2011-3114, CVE-2011-3115, CVE-2011-3103, CVE-2011-3104
CWE-ID: CWE-416, CWE-119, CWE-20, CWE-399
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Google Chrome (Client/Desktop applications / Web browsers)
Vendor: Google

Security Bulletin

This security bulletin contains information about 12 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU44041

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-3105

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors related to the :first-letter pseudo-element. A remote attacker can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Google Chrome: 19.0.1028.0 - 19.0.1084.50

External links

https://code.google.com/p/chromium/issues/detail?id=120912
https://googlechromereleases.blogspot.com/2012/05/stable-channel-update_23.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
https://osvdb.org/82242
https://secunia.com/advisories/49277
https://secunia.com/advisories/49306
https://security.gentoo.org/glsa/glsa-201205-04.xml
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5502
https://support.apple.com/kb/HT5503
https://www.securityfocus.com/bid/53679
https://www.securitytracker.com/id?1027098
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15535


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU44042

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2011-3106

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The WebSockets implementation in Google Chrome before 19.0.1084.52 does not properly handle use of SSL, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Google Chrome: 19.0.1028.0 - 19.0.1084.50

External links

https://code.google.com/p/chromium/issues/detail?id=122654
https://googlechromereleases.blogspot.com/2012/05/stable-channel-update_23.html
https://osvdb.org/82251
https://secunia.com/advisories/49277
https://secunia.com/advisories/49306
https://security.gentoo.org/glsa/glsa-201205-04.xml
https://www.securityfocus.com/bid/53679
https://www.securitytracker.com/id?1027098
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15470


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU44043

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-3107

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Google Chrome before 19.0.1084.52 does not properly implement JavaScript bindings for plug-ins, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Google Chrome: 19.0.1028.0 - 19.0.1084.50

External links

https://code.google.com/p/chromium/issues/detail?id=124625
https://googlechromereleases.blogspot.com/2012/05/stable-channel-update_23.html
https://osvdb.org/82252
https://secunia.com/advisories/49277
https://secunia.com/advisories/49306
https://security.gentoo.org/glsa/glsa-201205-04.xml
https://www.securityfocus.com/bid/53679
https://www.securitytracker.com/id?1027098
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15409


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

EUVDB-ID: #VU44044

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2011-3108

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors related to the browser cache. A remote attacker can execute arbitrary code.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Google Chrome: 19.0.1028.0 - 19.0.1084.50

External links

https://code.google.com/p/chromium/issues/detail?id=125159
https://googlechromereleases.blogspot.com/2012/05/stable-channel-update_23.html
https://secunia.com/advisories/49277
https://secunia.com/advisories/49306
https://security.gentoo.org/glsa/glsa-201205-04.xml
https://www.securityfocus.com/bid/53679
https://www.securitytracker.com/id?1027098
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14947


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Buffer overflow

EUVDB-ID: #VU44045

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-3110

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The PDF functionality in Google Chrome before 19.0.1084.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger out-of-bounds write operations.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Google Chrome: 19.0.1028.0 - 19.0.1084.50

External links

https://code.google.com/p/chromium/issues/detail?id=126337
https://code.google.com/p/chromium/issues/detail?id=126343
https://code.google.com/p/chromium/issues/detail?id=126378
https://code.google.com/p/chromium/issues/detail?id=127349
https://code.google.com/p/chromium/issues/detail?id=127819
https://code.google.com/p/chromium/issues/detail?id=127868
https://googlechromereleases.blogspot.com/2012/05/stable-channel-update_23.html
https://osvdb.org/82245
https://secunia.com/advisories/49277
https://www.securityfocus.com/bid/53679
https://www.securitytracker.com/id?1027098
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14666


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Buffer overflow

EUVDB-ID: #VU44046

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-3111

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to cause a service disruption.

Google V8, as used in Google Chrome before 19.0.1084.52, allows remote attackers to cause a denial of service (invalid read operation) via unspecified vectors.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Google Chrome: 19.0.1028.0 - 19.0.1084.50

External links

https://code.google.com/p/chromium/issues/detail?id=126414
https://googlechromereleases.blogspot.com/2012/05/stable-channel-update_23.html
https://secunia.com/advisories/49277
https://secunia.com/advisories/49306
https://security.gentoo.org/glsa/glsa-201205-04.xml
https://www.securityfocus.com/bid/53679
https://www.securitytracker.com/id?1027098
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15549


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU44047

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-3112

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing an invalid encrypted document. A remote attacker can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Google Chrome: 19.0.1028.0 - 19.0.1084.50

External links

https://code.google.com/p/chromium/issues/detail?id=127331
https://googlechromereleases.blogspot.com/2012/05/stable-channel-update_23.html
https://osvdb.org/82247
https://secunia.com/advisories/49277
https://www.securityfocus.com/bid/53679
https://www.securitytracker.com/id?1027098
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15076


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Input validation error

EUVDB-ID: #VU44048

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-3113

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The PDF functionality in Google Chrome before 19.0.1084.52 does not properly perform a cast of an unspecified variable during handling of color spaces, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Google Chrome: 19.0.1028.0 - 19.0.1084.50

External links

https://code.google.com/p/chromium/issues/detail?id=127883
https://googlechromereleases.blogspot.com/2012/05/stable-channel-update_23.html
https://osvdb.org/82248
https://secunia.com/advisories/49277
https://www.securityfocus.com/bid/53679
https://www.securitytracker.com/id?1027098
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15566


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer overflow

EUVDB-ID: #VU44049

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-3114

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple buffer overflows in the PDF functionality in Google Chrome before 19.0.1084.52 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger unknown function calls.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Google Chrome: 19.0.1028.0 - 19.0.1084.50

External links

https://code.google.com/p/chromium/issues/detail?id=128014
https://googlechromereleases.blogspot.com/2012/05/stable-channel-update_23.html
https://osvdb.org/82249
https://secunia.com/advisories/49277
https://www.securityfocus.com/bid/53679
https://www.securitytracker.com/id?1027098
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15545


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Buffer overflow

EUVDB-ID: #VU44050

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-3115

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Google V8, as used in Google Chrome before 19.0.1084.52, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger "type corruption."

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Google Chrome: 19.0.1028.0 - 19.0.1084.50

External links

https://code.google.com/p/chromium/issues/detail?id=128018
https://googlechromereleases.blogspot.com/2012/05/stable-channel-update_23.html
https://secunia.com/advisories/49277
https://secunia.com/advisories/49306
https://security.gentoo.org/glsa/glsa-201205-04.xml
https://www.securityfocus.com/bid/53679
https://www.securitytracker.com/id?1027098
https://exchange.xforce.ibmcloud.com/vulnerabilities/75853
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15433


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Resource management error

EUVDB-ID: #VU44051

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-3103

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Google V8, as used in Google Chrome before 19.0.1084.52, does not properly perform garbage collection, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Google Chrome: 19.0.1028.0 - 19.0.1084.50

External links

https://code.google.com/p/chromium/issues/detail?id=117409
https://googlechromereleases.blogspot.com/2012/05/stable-channel-update_23.html
https://secunia.com/advisories/49277
https://secunia.com/advisories/49306
https://security.gentoo.org/glsa/glsa-201205-04.xml
https://www.securityfocus.com/bid/53679
https://www.securitytracker.com/id?1027098
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15095


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Buffer overflow

EUVDB-ID: #VU44052

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-3104

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to cause a service disruption.

Skia, as used in Google Chrome before 19.0.1084.52, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Google Chrome: 19.0.1028.0 - 19.0.1084.50

External links

https://code.google.com/p/chromium/issues/detail?id=118018
https://googlechromereleases.blogspot.com/2012/05/stable-channel-update_23.html
https://secunia.com/advisories/49277
https://secunia.com/advisories/49306
https://security.gentoo.org/glsa/glsa-201205-04.xml
https://www.securityfocus.com/bid/53679
https://www.securitytracker.com/id?1027098
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15471


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


