Google Chrome < 14.0.835.163 Multiple Vulnerabilities

High Log Correlation Engine Plugin ID 800955

Synopsis

The remote host contains a web browser that is vulnerable to multiple attack vectors.

Description

Versions of Google Chrome earlier than 14.0.835.163 are affected by multiple vulnerabilities:

- A race condition exists related to the certificate cache. (Issue 49377)

- The Windows Media Player plugin allows click-free access to the system Flash. (Issue 51464)
- PIC / pie compiler flags are not used. (Linux only) (Issue 57908)
- MIME types are not treated authoritatively at plugin load time. (Issue 75070)
- An unspecified error allows V8 script object wrappers to crash. (Issue 76771)
- The included PDF functionality contains a garbage collection error. (Issue 78639)
- The Mac installer insecurely handles lock files. (Mac only) (Issue 80680)
- Out-of-bounds read issues exist related to media buffers, mp3 files, box handling, Khmer characters, video handling, Tibetan characters, and triangle arrays. (Issues 82438, 85041, 89991, 90134, 90173, 95563, 95625)
- An unspecified error allows data displayed in the URL to be spoofed. (Issue 83031)
- Use-after-free errors exist related to unload event handling, the document loader, plugin handling, ruby table style handling, and the focus controller. (Issues 89219, 89330, 91197, 92651, 94800, 93420, 93587)
- The URL bar can be spoofed in an unspecified manner related to the forward button. (Issue 89564)
- A NULL pointer error exists related to WebSockets. (Issue 89795)
- An off-by-one error exists related to the V8 JavaScript engine. (Issue 91120)
- A stale node error exists related to CSS stylesheet handling. (Issue 92959)
- A cross-origin bypass error exists related to the V8 JavaScript engine. (Issue 93416)
- A double-free error exists related to XPath handling in libxml. (Issue 93472)
- Incorrect permissions are assigned to non-gallery pages. (Issue 93497)
- An improper string read occurs in the included PDF functionality. (Issue 93596)
- An unspecified error allows unintended access to objects built in to the V8 JavaScript engine. (Issue 93906)
- Self-signed certificates are not pinned properly. (Issue 95917)
- A variable-type confusion issue exists in the V8 JavaScript engine related to object sealing. (Issue 95920)

Solution

Upgrade to Google Chrome 14.0.835.163 or later.

See Also

googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html

Plugin Details

Severity: High

ID: 800955

File Name: 800955.prm

Family: Web Clients

Published: 2011/09/21

Nessus ID: 56230

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

Patch Publication Date: 2011/09/20

Vulnerability Publication Date: 2011/09/20

Reference Information

CVE: CVE-2011-2834, CVE-2011-2835, CVE-2011-2836, CVE-2011-2837, CVE-2011-2838, CVE-2011-2839, CVE-2011-2840, CVE-2011-2841, CVE-2011-2842, CVE-2011-2843, CVE-2011-2844, CVE-2011-2846, CVE-2011-2847, CVE-2011-2848, CVE-2011-2849, CVE-2011-2850, CVE-2011-2851, CVE-2011-2852, CVE-2011-2853, CVE-2011-2854, CVE-2011-2855, CVE-2011-2856, CVE-2011-2857, CVE-2011-2858, CVE-2011-2859, CVE-2011-2860, CVE-2011-2861, CVE-2011-2862, CVE-2011-2864, CVE-2011-2874, CVE-2011-2875, CVE-2011-3234

BID: 49658, 49933