http://code.google.com/p/chromium/issues/detail?id=87339

http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html

74245

google-chrome-function-info-disclosure(68957)

oval:org.mitre.oval:def:14653

The version of Google Chrome installed on the remote host is earlier than 13.0.782.107.  As such, it is potentially affected by several vulnerabilities :

  - An unspecified error exists related to extension     installation and confirmation dialogs. (Issue #75821)

  - A stale pointer issue exists related to bad line box     tracking and rendering. (Issue #78841)

  - A security bypass issue exists related to file download     prompts. (Issue #79266)

  - A string handling issue exists related to the HTTP     basic authentication dialog box. (Issue #79426)

  - Developer mode NPAPI extensions do not always prompt     a user before installation. (Issue #83273)

  - A local, unspecified path disclosure issue exists and     is related to the GL log. (Issue #83841)

  - Extensions' homepage URLs are not properly sanitized.
    (Issue #84402)

  - The browser's speech-input element is not always on the     screen at required times. (Issue #84600)

  - A re-entrancy issue related to the GPU lock can cause     the browser to crash. (Issue #84805)

  - A buffer overflow exists in the inspector     serialization. (Issue #85559)

  - Use-after-free errors exist related to the Pepper     plugin, floating styles, float removal, media     selectors, Skia, resource caching, HTML range handling,     frame loading and display box rendering that can cause     the browser to crash. (Issues #85808, #86502, #87148,     #87227,# 87548, #87729, #87925, #88846, #88889)

  - An out-of-bounds write error exists related to the     Internal Components for Unicode (ICU). (Issue #86900)

  - Out-of-bounds read errors exist related to text     iteration and Skia paths. (Issue #87298)

  - A cross-frame function leak exists. (Issue #87339)

  - Access to internal schemes is not properly enforced.
    (Issue #87815)

  - Client side redirect targets may be leaked to remote     locations. (Issue #88337)

  - Const lookups can cause the V8 JavaScript engine to     crash. (Issue #88591)

  - Certain PDF files with nested functions can cause the     browser to crash. (Issue #89142)

  - The same origin policy is not properly enforced which     can lead to cross-origin script injection and other     cross-origin violations. (Issues #89520, #90222)

Versions of Google Chrome earlier than 13.0.782.107 are potentially affected by multiple vulnerabilities :

  - It is possible to install an extension without a confirmation dialog. (Issue 75821)

  - A stale pointer exists due to bad line box tracking in rendering. (Issue 78841)

  - It is possible to bypass the dangerous file prompt. (Issue 79266)

  - An unspecified issue exists relating to the designation of strings in the basic auth dialog. (Issue 79426)

  - A file permissions error exists with drag and drop.  Note that this issue only affects Chrome on Linux. (Issue 81307)

  - Developer mode NPAPI extension installs are not always confirmed via browser dialog boxes. (Issue 83273)

  - It is possible for the local file path to be disclosed via a GL program log. (CVE-2011-2784)

  - The homepage URL in extensions is not properly sanitized. (Issue 84402)

  - The speech-input bubble is not always displayed on-screen. (Issue 84600)

  - It is possible to crash the browser due to a GPU lock re-entrancy issue. (Issue 84805)

  - A buffer overflow issue exists in inspector serialization. (Issue 85559)

  - A use-after-free issue exists in the Pepper plug-in installation. (Issue 85808)

  - A use-after-free issue exists with floating styles. (Issue 86502)

  - An out-of-bounds write exists in ICU. (Issue 86900)

  - A use-after-free issue exists with float removal. (Issue 87148)

  - A use-after-free issue exists in media selectors. (Issue 87227)

  - An out-of-bounds read exists in text iteration. (Issue 87298)

  - A leak exists relating to cross-frame functions. (Issue 87339)

  - A use-after-free issue exists in Skia. (Issue 87548)

  - A use-after-free issue exists in resource caching. (Issue 87729)

  - Several unspecified internal schemes are web accessible. (Issue 87815)

  - A use-after-free issue exists in HTML range handling. (Issue 87925)

  - It is possible for a client side redirect target to be leaked. (Issue 88337)

  - It is possible for v8 to crash with const lookups. (Issue 88591)

  - A use-after-free issue exists in the frame loader. (Issue 88846)

  - A use-after-free issue exists in display box rendering. (Issue 88889)

  - A PDF crash exists with nested functions. (Issue 89142)

  - A cross-origin script injection issue exists. (Issue 89520)

  - A cross-origin violation exists in base URI handling. (Issue 90222)

ID	Name	Product	Family	Severity
55765	Google Chrome < 13.0.782.107 Multiple Vulnerabilities	Nessus	Windows	high
800963	Google Chrome < 13.0.782.107 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
5998	Google Chrome < 13.0.782.107 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
51069	FreeBSD : chromium -- multiple vulnerabilities (6887828f-0229-11e0-b84d-00262d5ed8ee)	Nessus	FreeBSD Local Security Checks	critical

CVE-2011-2795

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

high

critical