Detections
Analytics

Google Chrome < 17.0.963.46 Multiple Vulnerabilities

high Log Correlation Engine Plugin ID 800936

Synopsis

The remote host contains a web browser that is vulnerable to multiple attack vectors.

Description

Versions of Google Chrome earlier than 17.0.963.46 are potentially affected by the following vulnerabilities :

 - Clipboard monitoring after a paste action is possible. (CVE-2011-3953)

 - Application crashes are possible with excessive database usage, killing an 'IndexDB' transaction, signature checks and processing unusual certificates. (CVE-2011-3954, CVE-2011-3955, CVE-2011-3965, CVE-2011-3967)

 - Sandboxed origins are not handled properly inside extensions. (CVE-2011-3956)

 - Use-after-free errors exist related to PDF garbage collection, stylesheet error handling, CSS handling, SVG layout and 'mousemove' event handling. (CVE-2011-3957, CVE-2011-3966, CVE-2011-3968, CVE-2011-3969, CVE-2011-3971)

 - An error exists related to bad casting and column spans. (CVE-2011-3958)

 - A buffer overflow exists related to locale handling. (CVE-2011-3959)

 - Out-of-bounds read errors exist related to audio decoding, path clipping, PDF fax imaging, 'libxslt', and the shader translator. (CVE-2011-3960, CVE-2011-3962, CVE-2011-3963, CVE-2011-3970, CVE-2011-3972)

 - A race condition exists after a utility process crashes. (CVE-2011-3961)

 - An unspecified error exists related to the URL bar after drag and drop operations. (CVE-2011-3964)

Solution

Upgrade to Google Chrome 17.0.963.46 or later.

See Also

googlechromereleases.blogspot.com/2012/02/stable-channel-update.html

Plugin Details

Severity: High

ID: 800936

Family: Web Clients

Published: 2/8/2012

Nessus ID: 57876

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Patch Publication Date: 2/8/2012

Vulnerability Publication Date: 2/8/2012

Reference Information

CVE: CVE-2011-3953, CVE-2011-3954, CVE-2011-3955, CVE-2011-3956, CVE-2011-3957, CVE-2011-3958, CVE-2011-3959, CVE-2011-3960, CVE-2011-3961, CVE-2011-3962, CVE-2011-3963, CVE-2011-3964, CVE-2011-3965, CVE-2011-3966, CVE-2011-3967, CVE-2011-3968, CVE-2011-3969, CVE-2011-3970, CVE-2011-3971, CVE-2011-3972

BID: 51911