http://code.google.com/p/chromium/issues/detail?id=77026

http://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html

72782

44829

48129

chrome-extensions-sec-bypas(67895)

oval:org.mitre.oval:def:14546

Versions of Google Chrome earlier than 12.0.742.91 are potentially affected by multiple vulnerabilities :

  - A use-after-free issue exists due to integer issues in float handling. (Issue 73962, 79746)

  - A use-after-free issue exists in accessibility support. (Issue 75496)

  - A visit history information leak exists in CSS. (Issue 75643)

  - It is possible to crash the browser with lots of form submissions. (Issue 76034)

  - An extensions permission bypass exists. (Issue 77026)

  - A stale pointer exists in the extension framework. (Issue 78516)

  - It is possible to read from an uninitialized pointer. (Issue 79362)

  - It is possible to perform script injection into the new tab page. (Issue 79862)

  - A use-after-free issue exists in developer tools. (Issue 80358)

  - A memory corruption issue exists in history deletion. (Issue 81916)

  - A use-after-free issue exists in the image loader. (Issue 81949)

  - It is possible to perform an extension injection into chrome:// pages. (Issue 83010

  - A same origin bypass exists in V8. (Issue 83275)

  - A same origin bypass exists in DOM. (Issue 83743)

The version of Google Chrome installed on the remote host is earlier than 12.0.742.91.  Such versions of Chrome are affected by multiple vulnerabilities:

  - Use-after-free errors exist in the handling of float     variables, accessibility functionality, developer     tools and an image loader. (Issues #73962, #79746,     #75496, #80358, #81949)

  - An information disclosure vulnerability exists that     can leak browser history via CSS. (Issue #75643)

  - An unspecified error exists related to handling     many form submissions. (Issue #76034)

  - An unspecified extensions permissions bypass     vulnerability exists. (Issue #77026)

  - An unspecified error in the extensions framework can     leave stale pointers behind. (Issue #78516).

  - An unspecified error can lead to a read of an     uninitialized pointer. (Issue #79362)

  - An extension can inject script into a new tab page or     into the browser chrome. (Issues #79862, #83010)

  - An unspecified error exists which can corrupt memory     when the browser history is deleted. (Issue #81916)

  - Errors exist that allow the same origin policy to be     bypassed in 'v8' and 'DOM'. (Issues #83275, #83743)

ID	Name	Product	Family	Severity
800929	Google Chrome < 12.0.742.91 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
5943	Google Chrome < 12.0.742.91 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
54989	Google Chrome < 12.0.742.91 Multiple Vulnerabilities	Nessus	Windows	high
51069	FreeBSD : chromium -- multiple vulnerabilities (6887828f-0229-11e0-b84d-00262d5ed8ee)	Nessus	FreeBSD Local Security Checks	critical

CVE-2011-1812

HIGH

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

high

critical