http://code.google.com/p/chromium/issues/detail?id=58657

http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html

42109

DSA-2188

oval:org.mitre.oval:def:11429

A large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities have been discovered in WebKit, a Web content engine library for GTK+. The Common Vulnerabilities and Exposures project identifies the following problems :

  - CVE-2010-1783     WebKit does not properly handle dynamic modification of     a text node, which allows remote attackers to execute     arbitrary code or cause a denial of service (memory     corruption and application crash) via a crafted HTML     document.

  - CVE-2010-2901     The rendering implementation in WebKit allows remote     attackers to cause a denial of service (memory     corruption) or possibly have unspecified other impact     via unknown vectors.

  - CVE-2010-4199     WebKit does not properly perform a cast of an     unspecified variable during processing of an SVG <use>     element, which allows remote attackers to cause a denial     of service or possibly have unspecified other impact via     a crafted SVG document.

  - CVE-2010-4040     WebKit does not properly handle animated GIF images,     which allows remote attackers to cause a denial of     service (memory corruption) or possibly have unspecified     other impact via a crafted image.

  - CVE-2010-4492     Use-after-free vulnerability in WebKit allows remote     attackers to cause a denial of service or possibly have     unspecified other impact via vectors involving SVG     animations.

  - CVE-2010-4493     Use-after-free vulnerability in WebKit allows remote     attackers to cause a denial of service via vectors     related to the handling of mouse dragging events.

  - CVE-2010-4577     The CSSParser::parseFontFaceSrc function in     WebCore/css/CSSParser.cpp in WebKit does not properly     parse Cascading Style Sheets (CSS) token sequences,     which allows remote attackers to cause a denial of     service (out-of-bounds read) via a crafted local font,     related to 'Type Confusion'.

  - CVE-2010-4578     WebKit does not properly perform cursor handling, which     allows remote attackers to cause a denial of service or     possibly have unspecified other impact via unknown     vectors that lead to 'stale pointers'.

  - CVE-2011-0482     WebKit does not properly perform a cast of an     unspecified variable during handling of anchors, which     allows remote attackers to cause a denial of service or     possibly have unspecified other impact via a crafted     HTML document.

  - CVE-2011-0778     WebKit does not properly restrict drag and drop     operations, which might allow remote attackers to bypass     the Same Origin Policy via unspecified vectors.

- Fixes the following CVEs: CVE-2010-4492 CVE-2010-4493     CVE-2011-0482 CVE-2010-4199 CVE-2010-4578 CVE-2010-4040     CVE-2011-0778 CVE-2010-2901 CVE-2010-4042

  - Fixes a regression caused by earlier fix for     CVE-2010-1791. This caused webkitgtk to crash on certain     sites with JavaScript.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Gustavo Noronha Silva reports :

This release has essentially security fixes. Refer to the WebKit/gtk/NEWS file inside the tarball for details. We would like to thank the Red Hat security team (Huzaifa Sidhpurwala in particular) and Michael Gilbert from Debian for their help in checking (and pushing!) security issues affecting the WebKitGTK+ stable branch for this release.

Versions of Google Chrome earlier than 7.0.517.44 are potentially affected by multiple vulnerabilities :

  - A use-after-free error exists in text editing. (51602)

  - A memory corruption error exists relating to enormous text area. (55257)

  - A bad cast exists with the SVG use element. (58657)

  - An invalid memory read exists in XPath handling. (58731)

  - A use-after-free error exists in text-control-selections. (58741)

  - Multiple integer overflows exists in font handling. (59320)

  - A memory corruption issue exists in libvpx. (60055)

  - A bad use of a destroyed frame object exists. (60238)

  - Multiple type confusions exists with event objects. (60327, 60769, 61255)

  - An out-of-bounds array access exists in SVG handling. (60688)

ID	Name	Product	Family	Severity
55967	Ubuntu 10.04 LTS / 10.10 : webkit vulnerabilities (USN-1195-1)	Nessus	Ubuntu Local Security Checks	critical
52620	Debian DSA-2188-1 : webkit - several vulnerabilities	Nessus	Debian Local Security Checks	critical
52018	Fedora 13 : webkitgtk-1.2.7-1.fc13 (2011-1224)	Nessus	Fedora Local Security Checks	critical
51950	FreeBSD : webkit-gtk2 -- Multiple vurnabilities. (35ecdcbe-3501-11e0-afcd-0015f2db7bde)	Nessus	FreeBSD Local Security Checks	critical
800908	Google Chrome < 7.0.517.44 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
5698	Google Chrome < 7.0.517.44 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high

CVE-2010-4199

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

critical

critical

critical

critical

high

high