Google Chrome < 11.0.696.57 Multiple Vulnerabilities

High Log Correlation Engine Plugin ID 800937

Synopsis

The remote host contains a web browser that is affected by a code execution vulnerability.

Description

Versions of Google Chrome earlier than 11.0.696.57 are potentially affected by multiple vulnerabilities :

- A stale pointer exists in floating point handling. (61502)

- It may be possible to bypass the pop-up blocker via plug-ins. (70538)

- A linked-list race issue exists in database handling. Note that this issue only affects Chrome on Linux and Mac OS. (70589)

- There is a lack of thread safety in MIME handling. (71586)

- A bad extension with 'tabs' permission can capture local files. (72523)

- It is possible to crash the browser due to bad interaction with X. Note that this issue only affects Chrome on Linux. (72910)- Multiple integer overflows exist in float rendering. (73526)

- A same origin policy violation exists with blobs. (74653)

- A use-after-free error exists with ruby tags and CSS. (75186)

- A bad cast exists with floating select lists. (75347)

- Corrupt node trees exists with mutation events. (75801)

- Multiple stale pointers exist in layering code. (76001)

- A race condition exists in the sandbox launcher. (76542)

- An out-of-bounds read exists in SVG. (76646)

- It is possible to spoof the URL bar with navigation errors and interrupted loads. (76666, 77507, 78031)

- A stale pointer exists in drop-down list handling. (76966)

- A stale pointer exists in height calculations. (77130)

- A use-after-free error exists in WebSockets. (77346)

- Multiple dangling pointers exist in file dialogs. (77349)

- Multiple dangling pointers exist in DOM id map. (77463)

- It is possible to spoof the URL bar with redirect and manual reload. (77786)

- A use-after-free issue exists in DOM id handling. (79199)

- An out-of-bounds read exists when handling multipart-encoded PDFs. (79361)

- Multiple stale pointers exist with PDF forms. (79364)

Solution

Upgrade to Google Chrome 11.0.696.57 or later.

See Also

googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html

Plugin Details

Severity: High

ID: 800937

File Name: 800937.prm

Family: Web Clients

Published: 2011/04/14

Nessus ID: 53569

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

Patch Publication Date: 2011/04/14

Vulnerability Publication Date: 2011/04/14

Reference Information

CVE: CVE-2011-1303, CVE-2011-1304, CVE-2011-1305, CVE-2011-1434, CVE-2011-1435, CVE-2011-1436, CVE-2011-1437, CVE-2011-1438, CVE-2011-1440, CVE-2011-1441, CVE-2011-1442, CVE-2011-1443, CVE-2011-1444, CVE-2011-1445, CVE-2011-1447, CVE-2011-1448, CVE-2011-1449, CVE-2011-1450, CVE-2011-1451, CVE-2011-1452, CVE-2011-1454, CVE-2011-1455, CVE-2011-1456

BID: 47604