http://code.google.com/p/chromium/issues/detail?id=95671

http://googlechromereleases.blogspot.com/2011/10/stable-channel-update.html

oval:org.mitre.oval:def:14470

The version of Google Chrome installed on the remote host is earlier than 14.0.835.202.  It therefore is potentially affected by the following vulnerabilities :

  - Use-after-free errors exist that are related to text     line box handling and the v8 JavaScript engine     bindings. (CVE-2011-2876, CVE-2011-2880)

  - An unspecified error exists related to stale fonts in     SVG text handling. (CVE-2011-2877)

  - A cross-origin violation error exists that could allow     access to the window prototype. (CVE-2011-2878)

  - Lifetime and threading errors exist that are related to     audio node handling. (CVE-2011-2879)

  - Unspecified errors related to hidden v8 objects and     shader translators exist that could allow memory     corruption. (CVE-2011-2881, CVE-2011-3873)

Versions of Google Chrome earlier than 14.0.835.202 are affected by multiple vulnerabilities : 

  - A use-after-free issue exists in text line box handling. (Issue 93788)

  - A stale font issue exists in SVG text handling. (Issue 95072)

  - An inappropriate cross-origin access to the window prototype exists. (Issue 95671)

  - Lifetime and threading issues exist in audio node handling. (Issue 96150)

  - A use-after-free issue exists in the v8 bindings. (Issues 97451, 97520, 97615)

  - A memory corruption issue exists in v8 hidden objects. (Issue 97784)

  - A memory corruption issue exists in the shader translator. (Issue 98089)

ID	Name	Product	Family	Severity
56391	Google Chrome < 14.0.835.202 Multiple Vulnerabilities	Nessus	Windows	high
800905	Google Chrome < 14.0.835.202 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
6032	Google Chrome < 14.0.835.202 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
51069	FreeBSD : chromium -- multiple vulnerabilities (6887828f-0229-11e0-b84d-00262d5ed8ee)	Nessus	FreeBSD Local Security Checks	critical

CVE-2011-2878

HIGH

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

high

critical