http://code.google.com/p/chromium/issues/detail?id=43488

http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html

41856

MDVSA-2011:039

USN-1006-1

ADV-2010-2722

ADV-2011-0552

oval:org.mitre.oval:def:11884

Multiple cross-site scripting, denial of service and arbitrary code execution security flaws were discovered in webkit.

Please consult the CVE web links for further information.

The updated packages have been upgraded to the latest version (1.2.7) to correct these issues.

A large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Please consult the bug listed at the top of this advisory to get the exact list of CVE numbers fixed for each release.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Gustavo Noronha Silva reports :

With help from Vincent Danen and other members of the Red Hat security team, the following CVE's where fixed.

Versions of Google Chrome earlier than 5.0.375.99 are potentially affected by multiple vulnerabilities :

  - An unspecified issue in WebGL can trigger an OOB read. (Bug 42396)

  - Sandboxed iframes are not isolated strongly enough. (Bug 42575)

  - A memory corruption issue exists with invalid SVGs. (Bug 43488)

  - A memory corruption issue exists in the bidi algorithm. (Bug 44424)

  - A memory corruption issue exists with invalid PNGs. (Bug 45983)

  - A memory corruption exists in CSS style rendering. (Bug 46360)

  - An unspecified issue with print dialogs. (Bug 46575)

  - An unspecified crash relating to modal dialogs. (Bug 47056)

The version of Google Chrome installed on the remote host is earlier than 5.0.375.99.  It therefore is reportedly affected by multiple vulnerabilities :

  -  An unspecified error allows an out-of-bounds read with      WebGL. (Issue #42396)

  -  An unspecified error exists in the process of isolating      sandboxed iframes. (Issue #42575, #42980)

  -  An unspecified memory corruption error exists in the      handling invalid SVG images. (Issue #43488)

  -  An unspecified memory corruption error exists in the      implementation of a  bidirectional algorithm.
     (Issue #44424)

  -  An unspecified error in the processing of certain      invalid images can lead to application crashes.
     (Issue #45164)

  -  An unspecified memory corruption error exists in the      processing of PNG images and can lead to application      crashes. (Issue #45983)

  -  An unspecified memory corruption error exists in the      processing of CSS. (Issue #46360)

  -  An unspecified error exists in the handling of print      dialogs. (Issue #46575)

  -  An unspecified error exists in the handling of modal      dialogs and can lead to application crashes.
     (Issue #47056)

ID	Name	Product	Family	Severity
52523	Mandriva Linux Security Advisory : webkit (MDVSA-2011:039)	Nessus	Mandriva Local Security Checks	critical
50046	Ubuntu 9.10 / 10.04 LTS / 10.10 : webkit vulnerabilities (USN-1006-1)	Nessus	Ubuntu Local Security Checks	critical
49189	FreeBSD : webkit-gtk2 -- Multiple vulnerabilities (9bcfd7b6-bcda-11df-9a6a-0015f2db7bde)	Nessus	FreeBSD Local Security Checks	critical
800949	Google Chrome < 5.0.375.99 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
5591	Google Chrome < 5.0.375.99 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
47595	Google Chrome < 5.0.375.99 Multiple Vulnerabilities	Nessus	Windows	high

CVE-2010-2647

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

critical

critical

critical

high

medium

high