http://code.google.com/p/chromium/issues/detail?id=118185

http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html

81040

48732

48749

GLSA-201204-03

52913

1026892

chrome-v8bindings-code-execution(74630)

oval:org.mitre.oval:def:15521

The remote host is affected by the vulnerability described in GLSA-201204-03 (Chromium: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Chromium. Please review       the CVE identifiers and release notes referenced below for details.
  Impact :

    A remote attacker could entice a user to open a specially crafted web       site using Chromium, possibly resulting in the execution of arbitrary       code with the privileges of the process, a Denial of Service condition,       or bypass of the same origin policy.
  Workaround :

    There is no known workaround at this time.

 

Versions of Google Chrome earlier than 18.0.1025.151 are potentially affected by the following vulnerabilities :

  - An out-of-bounds read issue exists related to 'Skia' clipping. (CVE-2011-3066)

  - An error exists related to cross-origin iframe replacement. (CVE-2011-3067)

  - Use-after-free errors exist related to 'run-in' handling, line box editing, v8 JavaScript engine bindings, 'HTMLMediaElemet', SVG resource handling, media handling, style command application, and focus handling. (CVE-2011-3068, CVE-2011-3069, CVE-2011-3070, CVE-2011-3071, CVE-2011-3073, CVE-2011-3074, CVE-2011-3075, CVE-2011-3076)

  - A cross-origin violation error exists related to pop-up windows. (CVE-2011-3072)

  - A read-after-free error exists related to script binding. (CVE-2011-3077)\
  - The bundled Adobe Flash Player is vulnerable to several memory corruption issues that can lead to arbitrary code execution. (CVE-2012-0724, CVE-2012-0725)

The version of Google Chrome installed on the remote host is earlier than 18.0.1025.151 and is, therefore, affected by the following vulnerabilities :

  - An out-of-bounds read issue exists related to 'Skia'     clipping. (CVE-2011-3066)

  - An error exists related to cross-origin iframe     replacement. (CVE-2011-3067)

  - Use-after-free errors exist related to 'run-in'     handling, line box editing, v8 JavaScript engine     bindings, 'HTMLMediaElement', SVG resource handling,     media handling, style command application, and focus     handling. (CVE-2011-3068, CVE-2011-3069, CVE-2011-3070,     CVE-2011-3071, CVE-2011-3073, CVE-2011-3074,     CVE-2011-3075, CVE-2011-3076)

  - A cross-origin violation error exists related to pop-up     windows. (CVE-2011-3072)

  - A read-after-free error exists related to script     binding. (CVE-2011-3077)

  - The bundled Adobe Flash Player is vulnerable to several     memory corruption issues that can lead to arbitrary     code execution. (CVE-2012-0724, CVE-2012-0725)

Google Chrome Releases reports :

[106577] Medium CVE-2011-3066: Out-of-bounds read in Skia clipping.
Credit to miaubiz.

[117583] Medium CVE-2011-3067: Cross-origin iframe replacement. Credit to Sergey Glazunov.

[117698] High CVE-2011-3068: Use-after-free in run-in handling. Credit to miaubiz.

[117728] High CVE-2011-3069: Use-after-free in line box handling.
Credit to miaubiz.

[118185] High CVE-2011-3070: Use-after-free in v8 bindings. Credit to Google Chrome Security Team (SkyLined).

[118273] High CVE-2011-3071: Use-after-free in HTMLMediaElement.
Credit to pa_kt, reporting through HP TippingPoint ZDI (ZDI-CAN-1528).

[118467] Low CVE-2011-3072: Cross-origin violation parenting pop-up window. Credit to Sergey Glazunov.

[118593] High CVE-2011-3073: Use-after-free in SVG resource handling.
Credit to Arthur Gerkis.

[119281] Medium CVE-2011-3074: Use-after-free in media handling.
Credit to Slawomir Blazek.

[119525] High CVE-2011-3075: Use-after-free applying style command.
Credit to miaubiz.

[120037] High CVE-2011-3076: Use-after-free in focus handling. Credit to miaubiz.

[120189] Medium CVE-2011-3077: Read-after-free in script bindings.
Credit to Google Chrome Security Team (Inferno).

ID	Name	Product	Family	Severity
59619	GLSA-201204-03 : Chromium: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
800927	Google Chrome < 18.0.1025.151 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
6403	Google Chrome < 18.0.1025.151 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
58644	Google Chrome < 18.0.1025.151 Multiple Vulnerabilities	Nessus	Windows	high
58609	FreeBSD : chromium -- multiple vulnerabilities (057130e6-7f61-11e1-8a43-00262d5ed8ee)	Nessus	FreeBSD Local Security Checks	high

CVE-2011-3070

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins

medium

high

high

high

high