Google Chrome < 13.0.782.215 Multiple Vulnerabilities

high Log Correlation Engine Plugin ID 800914

Synopsis

The remote host contains a web browser that is affected by a code execution vulnerability.

Description

Versions of Google Chrome earlier than 13.0.782.215 are potentially affected by multiple vulnerabilities :

- An unspecified error related to command line URL parsing. (Issue #72892)
- Use-after-free errors related to line box handling, counter nodes, custom fonts, and text searching. (Issue #82552, #88216, #88670, #90668)
- A double-free error related to libxml XPath handling. (Issue #89402)
- An error related to empty origins exists that can allow cross-domain violation. (Issue #87453)
- A memory corruption error exists related to vertex handling. (Issue #89836)
- An out-of-bounds write error exists in the v8 JavaScript engine. (Issue #91517)
- An integer overrun error exists in the handling of uniform arrays. (Issue #91598)
- An unspecified issue exists in memset() in PDF.

Solution

Upgrade to Google Chrome 13.0.782.215 or later.

See Also

googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html

Plugin Details

Severity: High

ID: 800914

Family: Web Clients

Published: 8/23/2011

Nessus ID: 55959

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Patch Publication Date: 8/22/2011

Vulnerability Publication Date: 8/22/2011

Reference Information

CVE: CVE-2011-2806, CVE-2011-2821, CVE-2011-2822, CVE-2011-2823, CVE-2011-2824, CVE-2011-2825, CVE-2011-2826, CVE-2011-2827, CVE-2011-2828, CVE-2011-2829, CVE-2011-2839

BID: 49279