http://code.google.com/p/chromium/issues/detail?id=112670

http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html

48016

oval:org.mitre.oval:def:14869

Chromium version 19.0.1046 and v8 version 3.9.7.0 fix several security issues.

The remote host is affected by the vulnerability described in GLSA-201202-01 (Chromium: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Chromium. Please review       the CVE identifiers and release notes referenced below for details.
  Impact :

    A remote attacker could entice a user to open a specially crafted web       site using Chromium, possibly resulting in the execution of arbitrary       code with the privileges of the process, a Denial of Service condition,       information leak (clipboard contents), bypass of the Same Origin Policy,       or escape from NativeClient's sandbox.
    A remote attacker could also entice the user to perform a set of UI       actions (drag and drop) to trigger an URL bar spoofing vulnerability.
  Workaround :

    There is no known workaround at this time.

 

Versions of Google Chrome earlier than 17.0.963.56 are potentially affected by the following vulnerabilities :

  - Integer overflow errors exist related to PDF codecs and libpng. (CVE-2011-3015, CVE-2011-3026)

  - A read-after-free error exists related to 'counter nodes'. (CVE-2011-3016)

  - Use-after-free errors exist related to database handling, subframe loading, and ddrag-and-drop functionality. (CVE-2011-3017, CVE-2011-3021, CVE-2011-3023)

  - Heap-overflow errors exist related to path rendering and 'MKV' handling. (CVE-2011-3018, CVE-2011-3019)

  - Unspecified errors exist related to the native client validator and HTTP use with translation scripts. (CVE-2011-3020, CVE-2011-3022)

  - Empty x509 certificates can cause browser crashes. (CVE-2011-3024)

  - An out-of-bounds read error exists related to h.264 parsing. (CVE-2011-3025)

  - A bad variable cast exists related to column handling. (CVE-2011-3027)

The version of Google Chrome installed on the remote host is earlier than 17.0.963.56 and is, therefore, affected by the following vulnerabilities:

  - Integer overflow errors exist related to PDF codecs and     libpng. (CVE-2011-3015, CVE-2011-3026)

  - A read-after-free error exists related to 'counter     nodes'. (CVE-2011-3016)

  - Use-after-free errors exist related to database     handling, subframe loading, and drag-and-drop     functionality. (CVE-2011-3017, CVE-2011-3021,     CVE-2011-3023)

  - Heap-overflow errors exist related to path rendering and     'MKV' handling. (CVE-2011-3018, CVE-2011-3019)

  - Unspecified errors exist related to the native     client validator and HTTP use with translation scripts.
    (CVE-2011-3020, CVE-2011-3022)

  - Empty x509 certificates can cause browser crashes.
    (CVE-2011-3024)

  - An out-of-bounds read error exists related to h.264     parsing. (CVE-2011-3025)

  - A bad variable cast exists related to column handling.
    (CVE-2011-3027)

Google Chrome Releases reports :

[105803] High CVE-2011-3015: Integer overflows in PDF codecs. Credit to Google Chrome Security Team (scarybeasts).

[106336] Medium CVE-2011-3016: Read-after-free with counter nodes.
Credit to miaubiz.

[108695] High CVE-2011-3017: Possible use-after-free in database handling. Credit to miaubiz.

[110172] High CVE-2011-3018: Heap overflow in path rendering. Credit to Aki Helin of OUSPG.

[110849] High CVE-2011-3019: Heap buffer overflow in MKV handling.
Credit to Google Chrome Security Team (scarybeasts) and Mateusz Jurczyk of the Google Security Team.

[111575] Medium CVE-2011-3020: Native client validator error. Credit to Nick Bray of the Chromium development community.

[111779] High CVE-2011-3021: Use-after-free in subframe loading.
Credit to Arthur Gerkis.

[112236] Medium CVE-2011-3022: Inappropriate use of http for translation script. Credit to Google Chrome Security Team (Jorge Obes).

[112259] Medium CVE-2011-3023: Use-after-free with drag and drop.
Credit to pa_kt.

[112451] Low CVE-2011-3024: Browser crash with empty x509 certificate.
Credit to chrometot.

[112670] Medium CVE-2011-3025: Out-of-bounds read in h.264 parsing.
Credit to Slawomir Blazek.

[112822] High CVE-2011-3026: Integer overflow / truncation in libpng.
Credit to Juri Aedla.

[112847] Medium CVE-2011-3027: Bad cast in column handling. Credit to miaubiz.

ID	Name	Product	Family	Severity
74563	openSUSE Security Update : chromium / v8 (openSUSE-2012-142)	Nessus	SuSE Local Security Checks	high
58025	GLSA-201202-01 : Chromium: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
800966	Google Chrome < 17.0.963.56 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
6322	Google Chrome < 17.0.963.56 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
57974	Google Chrome < 17.0.963.56 Multiple Vulnerabilities	Nessus	Windows	high
57968	FreeBSD : chromium -- multiple vulnerabilities (2f5ff968-5829-11e1-8288-00262d5ed8ee)	Nessus	FreeBSD Local Security Checks	high

CVE-2011-3025

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

high

high

high

high