http://code.google.com/p/chromium/issues/detail?id=118664

http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html

openSUSE-SU-2012:0656

GLSA-201205-03

53540

1027067

chrome-window-code-execution(75592)

oval:org.mitre.oval:def:15567

Chromium update to 21.0.1145

  - Fixed several issues around audio not playing with     videos

  - Crash Fixes

  - Improvements to trackpad on Cr-48

  - Security Fixes (bnc#762481)

  - CVE-2011-3083: Browser crash with video + FTP

  - CVE-2011-3084: Load links from internal pages in their     own process.

  - CVE-2011-3085: UI corruption with long autofilled values

  - CVE-2011-3086: Use-after-free with style element.

  - CVE-2011-3087: Incorrect window navigation

  - CVE-2011-3088: Out-of-bounds read in hairline drawing

  - CVE-2011-3089: Use-after-free in table handling.

  - CVE-2011-3090: Race condition with workers.

  - CVE-2011-3091: Use-after-free with indexed DB

  - CVE-2011-3092: Invalid write in v8 regex

  - CVE-2011-3093: Out-of-bounds read in glyph handling

  - CVE-2011-3094: Out-of-bounds read in Tibetan handling

  - CVE-2011-3095: Out-of-bounds write in OGG container.

  - CVE-2011-3096: Use-after-free in GTK omnibox handling.

  - CVE-2011-3098: Bad search path for Windows Media Player     plug-in

  - CVE-2011-3100: Out-of-bounds read drawing dash paths.

  - CVE-2011-3101: Work around Linux Nvidia driver bug

  - CVE-2011-3102: Off-by-one out-of-bounds write in libxml.

The remote host is affected by the vulnerability described in GLSA-201205-03 (Chromium, V8: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Chromium and V8. Please       review the CVE identifiers and release notes referenced below for       details.
  Impact :

    A context-dependent attacker could entice a user to open a specially       crafted website or JavaScript program using Chromium or V8, possibly       resulting in the execution of arbitrary code with the privileges of the       process, or a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

Versions of Google Chrome earlier than 19.0.1084.46 are potentially affected by the following vulnerabilities :

  - Video content with FTP can cause crashes. (CVE-2011-3083)

  - Internal links are not loaded in their own process. (CVE-2011-3084)

  - Lenghty auto-filled values can corrupt the user interface. (CVE-2011-3085)

  - User-after free errors exist related to style elements, table handling, indexed DBs, GTK 'omnibox' handling, and corrupt font enconding names related to PDF handling. (CVE-2011-3086, CVE-2011-3089, CVE-2011-3091, CVE-2011-3096, CVE-2011-3099)

  - An error exists related to windows navigation. (CVE-2011-3087)

  - Out-of-bounds read errors exist to hairline drawing, glyph handling, Tibetan, OGG containers, PDF sampled functions and drawing dash paths. (CVE-2011-3088, CVE-2011-3093, CVE-2011-3094, CVE-2011-3095, CVE-2011-3097, CVE-2011-3100)

  - A race condition related to workers exists. (CVE-2011-3090)

  - An invalid write exists in the v8 regex processing. (CVE-2011-3092)

  - An error exists related to Windows Media Player plugin and the search path. (CVE-2011-3098)

  - An off-by-one out-of-bounds write error exists in libxml. (CVE-2011-3098)

The version of Google Chrome installed on the remote host is earlier than 19.0.1084.46 and is, therefore, affected by the following vulnerabilities :

  - Video content with FTP can cause crashes.
    (CVE-2011-3083)

  - Internal links are not loaded in their own process.
    (CVE-2011-3084)

  - Lengthy auto-filled values can corrupt the user     interface. (CVE-2011-3085)

  - Use-after free errors exist related to style elements,     table handling, indexed DBs, GTK 'omnibox' handling,     and corrupt font encoding names related to PDF handling.
    (CVE-2011-3086, CVE-2011-3089, CVE-2011-3091,     CVE-2011-3096, CVE-2011-3099)

  - An error exists related to windows navigation.
    (CVE-2011-3087)

  - Out-of-bounds read errors exist related to hairline     drawing, glyph handling, Tibetan, OGG containers, PDF     sampled functions and drawing dash paths.
    (CVE-2011-3088, CVE-2011-3093, CVE-2011-3094,     CVE-2011-3095, CVE-2011-3097, CVE-2011-3100)

  - A race condition related to workers exists.
    (CVE-2011-3090)

  - An invalid write exists in the v8 regex processing.
    (CVE-2011-3092)

  - An error exists related to Windows Media Player plugin     and the search path. (CVE-2011-3098)

  - An off-by-one out-of-bounds write error exists in     libxml. (CVE-2011-3102)

Google Chrome Releases reports :

[112983] Low CVE-2011-3083: Browser crash with video + FTP. Credit to Aki Helin of OUSPG.

[113496] Low CVE-2011-3084: Load links from internal pages in their own process. Credit to Brett Wilson of the Chromium development community.

[118374] Medium CVE-2011-3085: UI corruption with long autofilled values. Credit to 'psaldorn'.

[118642] High CVE-2011-3086: Use-after-free with style element. Credit to Arthur Gerkis.

[118664] Low CVE-2011-3087: Incorrect window navigation. Credit to Charlie Reis of the Chromium development community.

[120648] Medium CVE-2011-3088: Out-of-bounds read in hairline drawing.
Credit to Aki Helin of OUSPG.

[120711] High CVE-2011-3089: Use-after-free in table handling. Credit to miaubiz.

[121223] Medium CVE-2011-3090: Race condition with workers. Credit to Arthur Gerkis.

[121734] High CVE-2011-3091: Use-after-free with indexed DB. Credit to Google Chrome Security Team (Inferno).

[122337] High CVE-2011-3092: Invalid write in v8 regex. Credit to Christian Holler.

[122585] Medium CVE-2011-3093: Out-of-bounds read in glyph handling.
Credit to miaubiz.

[122586] Medium CVE-2011-3094: Out-of-bounds read in Tibetan handling.
Credit to miaubiz.

[123481] High CVE-2011-3095: Out-of-bounds write in OGG container.
Credit to Hannu Heikkinen.

[Linux only] [123530] Low CVE-2011-3096: Use-after-free in GTK omnibox handling. Credit to Arthur Gerkis.

[123733] [124182] High CVE-2011-3097: Out-of-bounds write in sampled functions with PDF. Credit to Kostya Serebryany of Google and Evgeniy Stepanov of Google.

[124479] High CVE-2011-3099: Use-after-free in PDF with corrupt font encoding name. Credit to Mateusz Jurczyk of Google Security Team and Gynvael Coldwind of Google Security Team.

[124652] Medium CVE-2011-3100: Out-of-bounds read drawing dash paths.
Credit to Google Chrome Security Team (Inferno).

ID	Name	Product	Family	Severity
74634	openSUSE Security Update : chromium / v8 (openSUSE-SU-2012:0656-1)	Nessus	SuSE Local Security Checks	critical
59627	GLSA-201205-03 : Chromium, V8: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
800898	Google Chrome < 19.0.1084.46 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
6487	Google Chrome < 19.0.1084.46 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
59117	Google Chrome < 19.0.1084.46 Multiple Vulnerabilities	Nessus	Windows	critical
59103	FreeBSD : chromium -- multiple vulnerabilities (1449af37-9eba-11e1-b9c1-00262d5ed8ee)	Nessus	FreeBSD Local Security Checks	critical

CVE-2011-3087

HIGH

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

Vulnerable Software

Configuration 1

Tenable Plugins

critical

critical

high

high

critical

critical