icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Google Chrome < 17.0.963.46 Multiple Vulnerabilities

High

Synopsis

The remote host contains a web browser that is vulnerable to multiple attack vectors.

Description



Versions of Google Chrome earlier than 17.0.963.46 are potentially affected by the following vulnerabilities :

- Clipboard monitoring after a paste action is possible. (CVE-2011-3953)

- Application crashes are possible with excessive database usage, killing an 'IndexDB' transaction, signature checks and processing unusual certificates. (CVE-2011-3954, CVE-2011-3955, CVE-2011-3965, CVE-2011-3967)

- Sandboxed origins are not handled properly inside extensions. (CVE-2011-3956)

- Use-after-free errors exist related to PDF garbage collection, stylesheet error handling, CSS handling, SVG layout and 'mousemove' event handling. (CVE-2011-3957, CVE-2011-3966, CVE-2011-3968, CVE-2011-3969, CVE-2011-3971)

- An error exists related to bad casting and column spans. (CVE-2011-3958)

- A buffer overflow exists related to locale handling. (CVE-2011-3959)

- Out-of-bounds read errors exist related to audio decoding, path clipping, PDF fax imaging, 'libxslt', and the shader translator. (CVE-2011-3960, CVE-2011-3962, CVE-2011-3963, CVE-2011-3970, CVE-2011-3972)

- A race condition exists after a utility process crashes. (CVE-2011-3961)

- An unspecified error exists related to the URL bar after drag and drop operations. (CVE-2011-3964)

Solution

Upgrade to Google Chrome 17.0.963.46 or later.