http://code.google.com/p/chromium/issues/detail?id=75186

http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html

APPLE-SA-2011-10-11-1

APPLE-SA-2011-10-12-4

http://support.apple.com/kb/HT4981

http://support.apple.com/kb/HT5000

DSA-2245

chrome-ruby-css-code-exec(67147)

oval:org.mitre.oval:def:14083

The version of Safari installed on the remote Windows host is earlier than 5.1.1.  Thus, it is potentially affected by numerous issues in the following components :

  - Safari
  - WebKit

The version of Apple Safari installed on the remote Mac OS X host is earlier than 5.1.1. Thus, it is potentially affected by numerous issues in the following components :

  - Safari
  - WebKit

The remote host has Safari installed.

Versions of Safari earlier than 5.1.1 are potentially affected by several issues in the following components : 

  - Safari

  - WebKit

The version of Apple iTunes on the remote host is prior to version 10.5. It is, therefore, affected by multiple vulnerabilities in the CoreAudio, CoreFoundation, CoreMedia, ColorSync, ImageIO, and WebKit components. Note that these only affect iTunes for Windows.

The version of Apple iTunes installed on the remote Windows host is older than 10.5. Thus, it is reportedly affected by numerous issues in the following components :

  - CoreFoundation
  - ColorSync
  - CoreAudio
  - CoreMedia
  - ImageIO
  - WebKit

The remote host has Safari installed. 

Versions of Safari earlier than 5.1.1 are potentially affected by several issues in the following components : 

  - Safari

  - WebKit

The remote host has iTunes installed, a popular media player for Windows and Mac OS. 

Versions of iTunes earlier than 10.5 are potentially affected by numerous issues in the following components :

  - CoreFoundation

  - ColorSync

  - CoreAudio

  - CoreMedia

  - ImageIO

  - WebKit

Several vulnerabilities were discovered in the Chromium browser. The Common Vulnerabilities and Exposures project identifies the following problems :

  - CVE-2011-1292     Use-after-free vulnerability in the frame-loader     implementation in Google Chrome allows remote attackers     to cause a denial of service or possibly have     unspecified other impact via unknown vectors.

  - CVE-2011-1293     Use-after-free vulnerability in the HTMLCollection     implementation in Google Chrome allows remote attackers     to cause a denial of service or possibly have     unspecified other impact via unknown vectors.

  - CVE-2011-1440     Use-after-free vulnerability in Google Chrome allows     remote attackers to cause a denial of service or     possibly have unspecified other impact via vectors     related to the Ruby element and Cascading Style Sheets     (CSS) token sequences.

  - CVE-2011-1444     Race condition in the sandbox launcher implementation in     Google Chrome on Linux allows remote attackers to cause     a denial of service or possibly have unspecified other     impact via unknown vectors.

  - CVE-2011-1797     Google Chrome does not properly render tables, which     allows remote attackers to cause a denial of service or     possibly have unspecified other impact via unknown     vectors that lead to a 'stale pointer'.

  - CVE-2011-1799     Google Chrome does not properly perform casts of     variables during interaction with the WebKit engine,     which allows remote attackers to cause a denial of     service or possibly have unspecified other impact via     unknown vectors.

The version of Google Chrome installed on the remote host is earlier than 11.0.696.57.  Such versions of Chrome are affected by multiple vulnerabilities:

  - A stale pointer exists in floating object handling.
    (Issue #61502)

  - It may be possible to bypass the pop-up blocker via     plug-ins. (Issue #70538)

  - There is a lack of thread safety in MIME handling.
    (Issue #71586)

  - A bad extension with 'tabs' permission can capture local     files. (Issue #72523)

  - Multiple integer overflows exist in float rendering.
    (Issue #73526)

  - A same origin policy violation exists with blobs.
    (Issue #74653)

  - A use-after-free error exists with <ruby> tags and CSS.
    (Issue #75186)

  - A bad cast exists with floating select lists.
    (Issue #75347)

  - Corrupt node trees exist with mutation events.
    (Issue #75801)

  - Multiple stale pointers exist in layering code.
    (Issue #76001)

  - An out-of-bounds read exists in SVG. (Issue #76646)

  - It is possible to spoof the URL bar with navigation     errors and interrupted loads. (Issue #76666, #77507,     #78031)

  - A stale pointer exists in drop-down list handling.
    (Issue #76966)

  - A stale pointer exists in height calculations.
    (Issue #77130)

  - A use-after-free error exists in WebSockets.
    (Issue #77346)

  - Multiple dandling pointers exist in file dialogs.
    (Issue #77349)

  - Multiple dangling pointers exist in DOM id map.
    (Issue #77463)

  - It is possible to spoof the URL bar with redirect and     manual reload. (Issue #77786)

  - A use-after-free issue exists in DOM id handling.
    (Issue #79199)

  - An out-of-bounds read exists when handling     multipart-encoded PDFs. (Issue #79361)

  - Multiple stale pointers exist with PDF forms.
    (Issue #79364)

Versions of Google Chrome earlier than 11.0.696.57 are potentially affected by multiple vulnerabilities :

  - A stale pointer exists in floating point handling. (61502)

  - It may be possible to bypass the pop-up blocker via plug-ins. (70538)

  - A linked-list race issue exists in database handling.  Note that this issue only affects Chrome on Linux and Mac OS. (70589)

  - There is a lack of thread safety in MIME handling. (71586)

  - A bad extension with 'tabs' permission can capture local files. (72523)

  - It is possible to crash the browser due to bad interaction with X.  Note that this issue only affects Chrome on Linux. (72910)- Multiple integer overflows exist in float rendering. (73526)

  - A same origin policy violation exists with blobs. (74653)

  - A use-after-free error exists with ruby tags and CSS. (75186)

  - A bad cast exists with floating select lists. (75347)

  - Corrupt node trees exists with mutation events. (75801)

  - Multiple stale pointers exist in layering code. (76001)

  - A race condition exists in the sandbox launcher. (76542)

  - An out-of-bounds read exists in SVG. (76646)

  - It is possible to spoof the URL bar with navigation errors and interrupted loads. (76666, 77507, 78031)

  - A stale pointer exists in drop-down list handling. (76966)

  - A stale pointer exists in height calculations. (77130)

  - A use-after-free error exists in WebSockets. (77346)

  - Multiple dangling pointers exist in file dialogs. (77349)

  - Multiple dangling pointers exist in DOM id map. (77463)

  - It is possible to spoof the URL bar with redirect and manual reload. (77786)

  - A use-after-free issue exists in DOM id handling. (79199)

  - An out-of-bounds read exists when handling multipart-encoded PDFs. (79361)

  - Multiple stale pointers exist with PDF forms. (79364)

ID	Name	Product	Family	Severity
56483	Safari < 5.1.1 Multiple Vulnerabilities	Nessus	Windows	high
56482	Mac OS X : Apple Safari < 5.1.1	Nessus	MacOS X Local Security Checks	high
800997	Safari < 5.1.1 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
56470	Apple iTunes < 10.5 Multiple Vulnerabilities (uncredentialed check)	Nessus	Peer-To-Peer File Sharing	high
56469	Apple iTunes < 10.5 Multiple Vulnerabilities (credentialed check)	Nessus	Windows	high
6038	Safari < 5.1.1 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
6037	iTunes < 10.5 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
55033	Debian DSA-2245-1 : chromium-browser - several vulnerabilities	Nessus	Debian Local Security Checks	high
53569	Google Chrome < 11.0.696.57 Multiple Vulnerabilities	Nessus	Windows	high
800937	Google Chrome < 11.0.696.57 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
51069	FreeBSD : chromium -- multiple vulnerabilities (6887828f-0229-11e0-b84d-00262d5ed8ee)	Nessus	FreeBSD Local Security Checks	critical

CVE-2011-1440

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Tenable Plugins