http://code.google.com/p/chromium/issues/detail?id=89219

http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html

APPLE-SA-2012-03-07-1

APPLE-SA-2012-03-07-2

APPLE-SA-2012-03-12-1

75545

48274

48288

48377

1026774

chrome-unload-code-exec(69872)

oval:org.mitre.oval:def:14451

The mobile device is running a version of iOS that is older than version 5.1. Version 5.1 contains numerous security-related fixes for the following vulnerabilities :

  - Apple iPhone/iPad/iPod Touch prior to iOS 5.1 Multiple     Vulnerabilities (CVE-2012-0641)

  - Apple Mac OS X Integer Overflow Vulnerability     (CVE-2011-3453)

  - Google Chrome prior to 15.0.874.102 Multiple Security     Vulnerabilities (CVE-2011-3887)

  - WebKit Multiple Unspecified Cross-Site Scripting     Vulnerabilities (CVE-2012-0590)

  - Google Chrome prior to 13.0.782.215 Multiple Security     Vulnerabilities (CVE-2011-2825)

  - WebKit Multiple Unspecified Memory Corruption     Vulnerabilities (CVE-2011-2833)

  - Google Chrome prior to 14.0.835.163 Multiple Security     Vulnerabilities (CVE-2011-2846)

  - Google Chrome prior to 14.0.835.202 Multiple Security     Vulnerabilities (CVE-2011-2877)

  - Google Chrome prior to 15.0.874.120 Multiple Security     Vulnerabilities (CVE-2011-3897)

  - Google Chrome prior to 16.0.912.63 Multiple Security     Vulnerabilities (CVE-2011-3908)

  - WebKit SVG Tags Use-After-Free Remote Code Execution     Vulnerability (CVE-2011-3928)

  - Google Chrome prior to 16.0.912.77 Multiple Security     Vulnerabilities (CVE-2012-0591)

  - WebKit Array.Splice Method Remote Code Execution     Vulnerability (CVE-2012-0592)

The remote host has Safari installed. 

Versions of Safari earlier than 5.1.4 are reportedly affected by several issues :

  - Look-alike characters in a URL could be used to masquerade a website. (CVE-2012-0584)

  - Web page visits may be recorded in browser history even when private browsing is active. (CVE-2012-0585)

  - Multiple cross-site scripting issues existed in WebKit. (CVE-2011-3881, CVE-2012-0586, CVE-2012-0587, CVE-2012-0588, CVE-2012-0589)

  - A cross-origin issue existed in WebKit, which may allow cookies to be disclosed across origins. (CVE-2011-3887)

  - Visiting a maliciously crafted website and dragging content with the mouse may lead to a cross-site scripting attack. (CVE-2012-0590)

  - Multiple memory corruption issues existed in WebKit. (CVE-2011-2825, CVE-2011-2833, CVE-2011-2846, CVE-2011-2847, CVE-2011-2854, CVE-2011-2855, CVE-2011-2857, CVE-2011-2860, CVE-2011-2866, CVE-2011-2867, CVE-2011-2868, CVE-2011-2869, CVE-2011-2870, CVE-2011-2871, CVE-2011-2872, CVE-2011-2873, CVE-2011-2877, CVE-2011-3885, CVE-2011-3888, CVE-2011-3897, CVE-2011-3908, CVE-2011-3909, CVE-2011-3928, CVE-2012-0591, CVE-2012-0592, CVE-2012-0593, CVE-2012-0594, CVE-2012-0595, CVE-2012-0596, CVE-2012-0597, CVE-2012-0598, CVE-2012-0599, CVE-2012-0600, CVE-2012-0601, CVE-2012-0602, CVE-2012-0603, CVE-2012-0604, CVE-2012-0605, CVE-2012-0606, CVE-2012-0607, CVE-2012-0608, CVE-2012-0609, CVE-2012-0610, CVE-2012-0611, CVE-2012-0612, CVE-2012-0613, CVE-2012-0614, CVE-2012-0615, CVE-2012-0616, CVE-2012-0617, CVE-2012-0618, CVE-2012-0619, CVE-2012-0620, CVE-2012-0621, CVE-2012-0622, CVE-2012-0623, CVE-2012-0624, CVE-2120-0625, CVE-2012-0626, CVE-2012-0627, CVE-2012-0628, CVE-2012-0629, CVE-2012-0630, CVE-2012-0631, CVE-2012-0632, CVE-2012-0633, CVE-2012-0635, CVE-2012-0636, CVE-2012-0637, CVE-2012-0638, CVE-2012-0639, CVE-2012-0648(

  - Cookies may be set by third-parties, even when Safari is configured to block them. (CVE-2012-0640)

  - If a site uses HTTP authentication and redirects to another site, the authentication credentials may be sent to the other site. (CVE-2012-0647)

The version of Safari installed on the remote host reportedly is affected by several issues :
  - Look-alike characters in a URL could be used to     masquerade a website. (CVE-2012-0584)

  - Web page visits may be recorded in browser history even     when private browsing is active. (CVE-2012-0585)

  - Multiple cross-site scripting issues existed in WebKit.     (CVE-2011-3881, CVE-2012-0586, CVE-2012-0587,     CVE-2012-0588, CVE-2012-0589)

  - A cross-origin issue existed in WebKit, which may allow     cookies to be disclosed across origins. (CVE-2011-3887)

  - Visiting a maliciously crafted website and dragging     content with the mouse may lead to a cross-site     scripting attack. (CVE-2012-0590)

  - Multiple memory corruption issues existed in WebKit.
    (CVE-2011-2825, CVE-2011-2833, CVE-2011-2846,      CVE-2011-2847, CVE-2011-2854, CVE-2011-2855,      CVE-2011-2857, CVE-2011-2860, CVE-2011-2866,      CVE-2011-2867, CVE-2011-2868, CVE-2011-2869,      CVE-2011-2870, CVE-2011-2871, CVE-2011-2872,      CVE-2011-2873, CVE-2011-2877, CVE-2011-3885,      CVE-2011-3888, CVE-2011-3897, CVE-2011-3908,      CVE-2011-3909, CVE-2011-3928, CVE-2012-0591,      CVE-2012-0592, CVE-2012-0593, CVE-2012-0594,      CVE-2012-0595, CVE-2012-0596, CVE-2012-0597,      CVE-2012-0598, CVE-2012-0599, CVE-2012-0600,      CVE-2012-0601, CVE-2012-0602, CVE-2012-0603,      CVE-2012-0604, CVE-2012-0605, CVE-2012-0606,      CVE-2012-0607, CVE-2012-0608, CVE-2012-0609,      CVE-2012-0610, CVE-2012-0611, CVE-2012-0612,      CVE-2012-0613, CVE-2012-0614, CVE-2012-0615,      CVE-2012-0616, CVE-2012-0617, CVE-2012-0618,      CVE-2012-0619, CVE-2012-0620, CVE-2012-0621,      CVE-2012-0622, CVE-2012-0623, CVE-2012-0624,      CVE-2012-0625, CVE-2012-0626, CVE-2012-0627,      CVE-2012-0628, CVE-2012-0629, CVE-2012-0630,      CVE-2012-0631, CVE-2012-0632, CVE-2012-0633,      CVE-2012-0635, CVE-2012-0636, CVE-2012-0637,      CVE-2012-0638, CVE-2012-0639, CVE-2012-0648)

   - Cookies may be set by third-parties, even when Safari      is configured to block them. (CVE-2012-0640)

   - If a site uses HTTP authentication and redirects to      another site, the authentication credentials may be      sent to the other site. (CVE-2012-0647)

The version of Apple Safari installed on the remote Mac OS X host is earlier than 5.1.4.  Thus, it is potentially affected by several issues :
 
  - Web page visits may be recorded in browser history even     when private browsing is active. (CVE-2012-0585)

  - Multiple cross-site scripting issues existed in WebKit.     (CVE-2011-3881, CVE-2012-0586, CVE-2012-0587,     CVE-2012-0588, CVE-2012-0589)

  - A cross-origin issue existed in WebKit, which may allow     cookies to be disclosed across origins. (CVE-2011-3887)

  - Visiting a maliciously crafted website and dragging     content with the mouse may lead to a cross-site     scripting attack. (CVE-2012-0590)

  - Multiple memory corruption issues existed in WebKit.
    (CVE-2011-2825, CVE-2011-2833, CVE-2011-2846,      CVE-2011-2847, CVE-2011-2854, CVE-2011-2855,      CVE-2011-2857, CVE-2011-2860, CVE-2011-2866,      CVE-2011-2867, CVE-2011-2868, CVE-2011-2869,      CVE-2011-2870, CVE-2011-2871, CVE-2011-2872,      CVE-2011-2873, CVE-2011-2877, CVE-2011-3885,      CVE-2011-3888, CVE-2011-3897, CVE-2011-3908,      CVE-2011-3909, CVE-2011-3928, CVE-2012-0591,      CVE-2012-0592, CVE-2012-0593, CVE-2012-0594,      CVE-2012-0595, CVE-2012-0596, CVE-2012-0597,      CVE-2012-0598, CVE-2012-0599, CVE-2012-0600,      CVE-2012-0601, CVE-2012-0602, CVE-2012-0603,      CVE-2012-0604, CVE-2012-0605, CVE-2012-0606,      CVE-2012-0607, CVE-2012-0608, CVE-2012-0609,      CVE-2012-0610, CVE-2012-0611, CVE-2012-0612,      CVE-2012-0613, CVE-2012-0614, CVE-2012-0615,      CVE-2012-0616, CVE-2012-0617, CVE-2012-0618,      CVE-2012-0619, CVE-2012-0620, CVE-2012-0621,      CVE-2012-0622, CVE-2012-0623, CVE-2012-0624,      CVE-2012-0625, CVE-2012-0626, CVE-2012-0627,      CVE-2012-0628, CVE-2012-0629, CVE-2012-0630,      CVE-2012-0631, CVE-2012-0632, CVE-2012-0633,      CVE-2012-0635, CVE-2012-0636, CVE-2012-0637,      CVE-2012-0638, CVE-2012-0639, CVE-2012-0648)

   - Cookies may be set by third-parties, even when Safari      is configured to block them. (CVE-2012-0640)

   - If a site uses HTTP authentication and redirects to      another site, the authentication credentials may be      sent to the other site. (CVE-2012-0647)

The version of Apple iTunes on the remote host is prior to version 10.6. It is, therefore, affected by multiple memory corruption vulnerabilities in the WebKit component. Note that these only affect iTunes for Windows.

The version of Apple iTunes installed on the remote Windows host is older than 10.6.  Thus, it is reportedly affected by numerous memory corruption vulnerabilities in its WebKit component.

According to its banner, the remote Apple iOS device is missing a security update.  Versions of Apple iOS 3.0 through 5.1 are affected by vulnerabilities within the following components :
 - CFNetwork
 - HFS
 - Kernel
 - libresolv
 - Passcode Lock
 - Safari
 - Siri
 - VPN
 - WebKit

The remote host is affected by the vulnerability described in GLSA-201111-01 (Chromium, V8: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Chromium and V8. Please       review the CVE identifiers and release notes referenced below for       details.
  Impact :

    A local attacker could gain root privileges (CVE-2011-1444, fixed in       chromium-11.0.696.57).
    A context-dependent attacker could entice a user to open a specially       crafted website or JavaScript program using Chromium or V8, possibly       resulting in the execution of arbitrary code with the privileges of the       process, or a Denial of Service condition. The attacker also could obtain       cookies and other sensitive information, conduct man-in-the-middle       attacks, perform address bar spoofing, bypass the same origin policy,       perform Cross-Site Scripting attacks, or bypass pop-up blocks.
  Workaround :

    There is no known workaround at this time.

Versions of Google Chrome earlier than 14.0.835.163 are affected by multiple vulnerabilities : 

  - A race condition exists related to the certificate cache. (Issue 49377)

  - The Windows Media Player plugin allows click-free access to the system Flash. (Issue 51464)
  - PIC / pie compiler lags are not used. (Linux only)(Issue 57908)
 - MIME types are not treated authoritatively at plugin load time. (Issue 75070)
  - An unspecified error allows V8 script object wrappers to crash. (Issue 76771)
  - The included PDF functionality contains a garbage collection error. (Issue 78639)
  - The Mac installer insecurely handles lock files. (Mac only)(Issue 80680)  - Out-of-bounds read issues exist related to media buffers, mp3 files, box handling, Khmer characters, video handling, Tibetan characters, and triangle arrays. (Issues 82438, 85041, 89991, 90134, 90173, 95563, 95625)
  - An unspecified error allows data displayed in the URL to be spoofed. (Issue 83031)
  - Use-after-free error exist related to unload event handling, the document loader, plugin handling, ruby table style handling, and the focus controller. (Issues 89219, 89330, 91197, 92651, 94800, 93420, 93587)
  - The URL bar can be spoofed in an unspecified manner related to the forward button. (Issue 89564)
  - A NULL pointer error exists related to WebSockets. Issue 89795)
  An off-by-one error exists related to the V8 JavaScript engine. (Issue 91120)
  - A stale node error exists related to CSS stylesheet handling. (Issue 92959)
  - A cross-origin bypass error exists related to the V8 JavaScript engine. (Issue 93416)
  - A double-free error exists related to XPath handling in libxml. (Issue 93472)
  - Incorrect permissions are assigned to non-gallery pages. (Issue 93497)
  - An improper string read occurs in the included PDF functionality. (Issue 93596)
  - An unspecified error allows unintended access to objects build in to the V8 JavaScript engine. (Issue 93906)
  - Self-signed certificates are not pinned properly. (Issue 95917)
  - A variable-type confusion issue exists in the V8 JavaScript engine related to object sealing. (Issue 95920)

The version of Google Chrome installed on the remote host is earlier than 14.0.835.163 and is affected by multiple vulnerabilities:

  - A race condition exists related to the certificate     cache. (Issue #49377)

  - The Windows Media Player plugin allows click-free     access to the system Flash. (Issue #51464)

  - MIME types are not treated authoritatively at plugin     load time. (Issue #75070)

  - An unspecified error allows V8 script object wrappers     to crash. (Issue #76771)

  - The included PDF functionality contains a garbage     collection error. (Issue #78639)

  - Out-of-bounds read issues exist related to media     buffers, mp3 files, box handling, Khmer characters,     video handling, Tibetan characters, and triangle     arrays. (Issues #82438, #85041, #89991, #90134, #90173,     #95563, #95625)

  - An unspecified error allows data displayed in the URL     to be spoofed. (Issue #83031)

  - Use-after-free errors exist related to unload event     handling, the document loader, plugin handling, ruby,     table style handling, and the focus controller.
    (Issues #89219, #89330, #91197, #92651, #94800, #93420,     #93587)

  - The URL bar can be spoofed in an unspecified manner     related to the forward button. (Issue #89564)

  - An NULL pointer error exists related to WebSockets.
    (Issue #89795)

  - An off-by-one error exists related to the V8 JavaScript     engine. (Issue #91120)

  - A stale node error exists related to CSS stylesheet     handling. (Issue #92959)

  - A cross-origin bypass error exists related to the V8     JavaScript engine. (Issue #93416)

  - A double-free error exists related to XPath handling     in libxml. (Issue #93472)

  - Incorrect permissions are assigned to non-gallery     pages. (Issue #93497)

  - An improper string read occurs in the included PDF     functionality. (Issue #93596)

  - An unspecified error allows unintended access to     objects built in to the V8 JavaScript engine.
    (Issue #93906)

  - Self-signed certificates are not pinned properly.
    (Issue #95917)

  - A variable-type confusion issue exists in the V8     JavaScript engine related to object sealing.
    (Issue #95920)

ID	Name	Product	Family	Severity
60028	Apple iOS < 5.1 Multiple Vulnerabilities	Nessus	Mobile Devices	high
800987	Safari < 5.1.4 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
6346	Safari < 5.1.4 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
58323	Safari < 5.1.4 Multiple Vulnerabilities	Nessus	Windows	high
58322	Mac OS X : Apple Safari < 5.1.4 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high
58320	Apple iTunes < 10.6 Multiple Vulnerabilities (uncredentialed check)	Nessus	Peer-To-Peer File Sharing	high
58319	Apple iTunes < 10.6 Multiple Vulnerabilities (credentialed check)	Nessus	Windows	high
6344	Apple iOS < 5.1 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	high
56686	GLSA-201111-01 : Chromium, V8: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
800955	Google Chrome < 14.0.835.163 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
6024	Google Chrome < 14.0.835.163 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
56230	Google Chrome < 14.0.835.163 Multiple Vulnerabilities	Nessus	Windows	high
51069	FreeBSD : chromium -- multiple vulnerabilities (6887828f-0229-11e0-b84d-00262d5ed8ee)	Nessus	FreeBSD Local Security Checks	critical

CVE-2011-2846

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high

critical