http://code.google.com/p/chromium/issues/detail?id=64046

http://googlechromereleases.blogspot.com/2011/05/stable-channel-update.html

DSA-2245

oval:org.mitre.oval:def:14029

Several vulnerabilities were discovered in the Chromium browser. The Common Vulnerabilities and Exposures project identifies the following problems :

  - CVE-2011-1292     Use-after-free vulnerability in the frame-loader     implementation in Google Chrome allows remote attackers     to cause a denial of service or possibly have     unspecified other impact via unknown vectors.

  - CVE-2011-1293     Use-after-free vulnerability in the HTMLCollection     implementation in Google Chrome allows remote attackers     to cause a denial of service or possibly have     unspecified other impact via unknown vectors.

  - CVE-2011-1440     Use-after-free vulnerability in Google Chrome allows     remote attackers to cause a denial of service or     possibly have unspecified other impact via vectors     related to the Ruby element and Cascading Style Sheets     (CSS) token sequences.

  - CVE-2011-1444     Race condition in the sandbox launcher implementation in     Google Chrome on Linux allows remote attackers to cause     a denial of service or possibly have unspecified other     impact via unknown vectors.

  - CVE-2011-1797     Google Chrome does not properly render tables, which     allows remote attackers to cause a denial of service or     possibly have unspecified other impact via unknown     vectors that lead to a 'stale pointer'.

  - CVE-2011-1799     Google Chrome does not properly perform casts of     variables during interaction with the WebKit engine,     which allows remote attackers to cause a denial of     service or possibly have unspecified other impact via     unknown vectors.

Versions of Google Chrome earlier than 11.0.696.68 are potentially affected by multiple vulnerabilities :

  - Bad casts exist in Chromium WebKit glue. (CVE-2011-1799)

  - Integer overflows exist in the SVG filters. (CVE-2011-1800)

The version of Google Chrome installed on the remote host is earlier than 11.0.696.68.  Such versions of Chrome are affected by multiple vulnerabilities:

  - Multiple variable cast errors exist in the WebKit glue     code. These errors can be exploited and allow an     attacker to execute arbitrary code or crash the     the application. (Issue #64046)

  - Multiple integer overflows exist in the SVG filters.
    These errors can be exploited and allow an attacker to     execute arbitrary code or crash the application.
    (Issue #80608)

ID	Name	Product	Family	Severity
55033	Debian DSA-2245-1 : chromium-browser - several vulnerabilities	Nessus	Debian Local Security Checks	high
800948	Google Chrome < 11.0.696.68 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
5912	Google Chrome < 11.0.696.68 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
53879	Google Chrome < 11.0.696.68 Multiple Vulnerabilities	Nessus	Windows	high
51069	FreeBSD : chromium -- multiple vulnerabilities (6887828f-0229-11e0-b84d-00262d5ed8ee)	Nessus	FreeBSD Local Security Checks	critical

CVE-2011-1799

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

high

high

high

high

critical