http://code.google.com/p/chromium/issues/detail?id=54500

http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html

SUSE-SR:2011:002

41888

43068

DSA-2188

MDVSA-2011:039

44241

ADV-2010-2731

ADV-2011-0212

ADV-2011-0552

oval:org.mitre.oval:def:7646

A large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities have been discovered in WebKit, a Web content engine library for GTK+. The Common Vulnerabilities and Exposures project identifies the following problems :

  - CVE-2010-1783     WebKit does not properly handle dynamic modification of     a text node, which allows remote attackers to execute     arbitrary code or cause a denial of service (memory     corruption and application crash) via a crafted HTML     document.

  - CVE-2010-2901     The rendering implementation in WebKit allows remote     attackers to cause a denial of service (memory     corruption) or possibly have unspecified other impact     via unknown vectors.

  - CVE-2010-4199     WebKit does not properly perform a cast of an     unspecified variable during processing of an SVG <use>     element, which allows remote attackers to cause a denial     of service or possibly have unspecified other impact via     a crafted SVG document.

  - CVE-2010-4040     WebKit does not properly handle animated GIF images,     which allows remote attackers to cause a denial of     service (memory corruption) or possibly have unspecified     other impact via a crafted image.

  - CVE-2010-4492     Use-after-free vulnerability in WebKit allows remote     attackers to cause a denial of service or possibly have     unspecified other impact via vectors involving SVG     animations.

  - CVE-2010-4493     Use-after-free vulnerability in WebKit allows remote     attackers to cause a denial of service via vectors     related to the handling of mouse dragging events.

  - CVE-2010-4577     The CSSParser::parseFontFaceSrc function in     WebCore/css/CSSParser.cpp in WebKit does not properly     parse Cascading Style Sheets (CSS) token sequences,     which allows remote attackers to cause a denial of     service (out-of-bounds read) via a crafted local font,     related to 'Type Confusion'.

  - CVE-2010-4578     WebKit does not properly perform cursor handling, which     allows remote attackers to cause a denial of service or     possibly have unspecified other impact via unknown     vectors that lead to 'stale pointers'.

  - CVE-2011-0482     WebKit does not properly perform a cast of an     unspecified variable during handling of anchors, which     allows remote attackers to cause a denial of service or     possibly have unspecified other impact via a crafted     HTML document.

  - CVE-2011-0778     WebKit does not properly restrict drag and drop     operations, which might allow remote attackers to bypass     the Same Origin Policy via unspecified vectors.

Multiple cross-site scripting, denial of service and arbitrary code execution security flaws were discovered in webkit.

Please consult the CVE web links for further information.

The updated packages have been upgraded to the latest version (1.2.7) to correct these issues.

- Fixes the following CVEs: CVE-2010-4492 CVE-2010-4493     CVE-2011-0482 CVE-2010-4199 CVE-2010-4578 CVE-2010-4040     CVE-2011-0778 CVE-2010-2901 CVE-2010-4042

  - Fixes a regression caused by earlier fix for     CVE-2010-1791. This caused webkitgtk to crash on certain     sites with JavaScript.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Gustavo Noronha Silva reports :

This release has essentially security fixes. Refer to the WebKit/gtk/NEWS file inside the tarball for details. We would like to thank the Red Hat security team (Huzaifa Sidhpurwala in particular) and Michael Gilbert from Debian for their help in checking (and pushing!) security issues affecting the WebKitGTK+ stable branch for this release.



Versions of Google chrome earlier than 7.0.517.41 are potentially affected by multiple vulnerabilities :

  - It is possible to spam profiles via autofill / autocomplete. (48225, 51727)

  - An unspecified crash exists relating to forms. (48857)

  - A browser crash exists relating to form autofill. (50428)

  - It is possible to spoof the URl on page unload. (51680)

  - It is possible to bypass the pop-up blocker. (53002)

  - A crash on shutdown exists relating got Web Sockets. (53985)

  - A possible memory corruption exists with animated GIF files. (54500)

  - Stale elements exist in the element map. (56451)

The version of Google Chrome installed on the remote host is earlier than 7.0.517.41.  Such versions are reportedly affected by multiple vulnerabilities :

  - It is possible to spam profiles via autofill /     autocomplete.  (Issue #48225, #51727)

  - An unspecified crash exists relating to forms.
    (Issue #48857)

  - A browser crash exists relating to form autofill.
    (Issue #50428)

  - It is possible to spoof the URL on page unload.
    (Issue #51680)

  - It is possible to bypass the pop-up blocker.
    (Issue #53002)

  - A crash on shutdown exists relating to Web Sockets.
    (Issue #53985)

  - A possible memory corruption exists with animated GIF     files. (Issue #54500)

  - Stale elements exists in the element map.
    (Issue #56451)

ID	Name	Product	Family	Severity
55967	Ubuntu 10.04 LTS / 10.10 : webkit vulnerabilities (USN-1195-1)	Nessus	Ubuntu Local Security Checks	critical
52620	Debian DSA-2188-1 : webkit - several vulnerabilities	Nessus	Debian Local Security Checks	critical
52523	Mandriva Linux Security Advisory : webkit (MDVSA-2011:039)	Nessus	Mandriva Local Security Checks	critical
52018	Fedora 13 : webkitgtk-1.2.7-1.fc13 (2011-1224)	Nessus	Fedora Local Security Checks	critical
51950	FreeBSD : webkit-gtk2 -- Multiple vurnabilities. (35ecdcbe-3501-11e0-afcd-0015f2db7bde)	Nessus	FreeBSD Local Security Checks	critical
800924	Google Chrome < 7.0.517.41 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
5680	Google Chrome < 7.0.517.41 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
50049	Google Chrome < 7.0.517.41 Multiple Vulnerabilities	Nessus	Windows	high

CVE-2010-4040

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Tenable Plugins

critical

critical

critical

critical

critical

high

medium

high