http://code.google.com/p/chromium/issues/detail?id=73526

http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html

chrome-float-code-execution(67144)

oval:org.mitre.oval:def:14601

The version of Google Chrome installed on the remote host is earlier than 11.0.696.57.  Such versions of Chrome are affected by multiple vulnerabilities:

  - A stale pointer exists in floating object handling.
    (Issue #61502)

  - It may be possible to bypass the pop-up blocker via     plug-ins. (Issue #70538)

  - There is a lack of thread safety in MIME handling.
    (Issue #71586)

  - A bad extension with 'tabs' permission can capture local     files. (Issue #72523)

  - Multiple integer overflows exist in float rendering.
    (Issue #73526)

  - A same origin policy violation exists with blobs.
    (Issue #74653)

  - A use-after-free error exists with <ruby> tags and CSS.
    (Issue #75186)

  - A bad cast exists with floating select lists.
    (Issue #75347)

  - Corrupt node trees exist with mutation events.
    (Issue #75801)

  - Multiple stale pointers exist in layering code.
    (Issue #76001)

  - An out-of-bounds read exists in SVG. (Issue #76646)

  - It is possible to spoof the URL bar with navigation     errors and interrupted loads. (Issue #76666, #77507,     #78031)

  - A stale pointer exists in drop-down list handling.
    (Issue #76966)

  - A stale pointer exists in height calculations.
    (Issue #77130)

  - A use-after-free error exists in WebSockets.
    (Issue #77346)

  - Multiple dandling pointers exist in file dialogs.
    (Issue #77349)

  - Multiple dangling pointers exist in DOM id map.
    (Issue #77463)

  - It is possible to spoof the URL bar with redirect and     manual reload. (Issue #77786)

  - A use-after-free issue exists in DOM id handling.
    (Issue #79199)

  - An out-of-bounds read exists when handling     multipart-encoded PDFs. (Issue #79361)

  - Multiple stale pointers exist with PDF forms.
    (Issue #79364)



Versions of Google Chrome earlier than 11.0.696.57 are potentially affected by multiple vulnerabilities :

  - A stale pointer exists in floating point handling. (61502)

  - It may be possible to bypass the pop-up blocker via plug-ins. (70538)

  - A linked-list race issue exists in database handling.  Note that this issue only affects Chrome on Linux and Mac OS. (70589)

  - There is a lack of thread safety in MIME handling. (71586)

  - A bad extension with 'tabs' permission can capture local files. (72523)

  - It is possible to crash the browser due to bad interaction with X.  Note that this issue only affects Chrome on Linux. (72910)- Multiple integer overflows exist in float rendering. (73526)

  - A same origin policy violation exists with blobs. (74653)

  - A use-after-free error exists with ruby tags and CSS. (75186)

  - A bad cast exists with floating select lists. (75347)

  - Corrupt node trees exists with mutation events. (75801)

  - Multiple stale pointers exist in layering code. (76001)

  - A race condition exists in the sandbox launcher. (76542)

  - An out-of-bounds read exists in SVG. (76646)

  - It is possible to spoof the URL bar with navigation errors and interrupted loads. (76666, 77507, 78031)

  - A stale pointer exists in drop-down list handling. (76966)

  - A stale pointer exists in height calculations. (77130)

  - A use-after-free error exists in WebSockets. (77346)

  - Multiple dangling pointers exist in file dialogs. (77349)

  - Multiple dangling pointers exist in DOM id map. (77463)

  - It is possible to spoof the URL bar with redirect and manual reload. (77786)

  - A use-after-free issue exists in DOM id handling. (79199)

  - An out-of-bounds read exists when handling multipart-encoded PDFs. (79361)

  - Multiple stale pointers exist with PDF forms. (79364)

ID	Name	Product	Family	Severity
53569	Google Chrome < 11.0.696.57 Multiple Vulnerabilities	Nessus	Windows	high
800937	Google Chrome < 11.0.696.57 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
5899	Google Chrome < 11.0.696.57 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
51069	FreeBSD : chromium -- multiple vulnerabilities (6887828f-0229-11e0-b84d-00262d5ed8ee)	Nessus	FreeBSD Local Security Checks	critical

CVE-2011-1437

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

high

critical