Google Chrome < 9.0.597.107 Multiple Vulnerabilities

high Log Correlation Engine Plugin ID 800958

Synopsis

The remote host contains a web browser that is vulnerable to multiple attack vectors.

Description



Versions of Google Chrome earlier than 9.0.597.107 are potentially affected by multiple vulnerabilities :

 - An unspecified error exists in the URL bar operations which can allow spoofing attacks. (54262)

 - An unspecified error exists in the processing of JavaScript dialogs. (63732)

 - An unspecified error exists in the processing of CSS nodes which can leave stale pointers in memory. (68263)

 - An unspecified error exists in the processing of key frame rules which can leave stale pointers in memory. (68741)

 - An unspecified error exists in the processing of form controls which can lead to application crashes. (70078)

 - An unspecified error exists in the rendering of SVG animations and other SVG content which can leave stale pointers in memory. (70244, 71296)

 - An unspecified error exists in the processing of tables which can leave stale nodes behind. (71114)

 - An unspecified error exists in the processing of tables which can leave stale pointers in memory. (71115)

 - An unspecified error exists in the processing of XHTML which can leave stale nodes behind. (71386)

 - An unspecified error exists in the processing of textarea elements which can lead to application crashes. (71388)

 - An unspecified error exists in the processing of device orientation which can leave stale pointers in memory. (71595)

 - An unspecified error exists in WebGL which allows out-of-bounds memory accesses. (71717, 71960)

 - An integer overflow exists in the processing of textarea elements which can lead to application crashes. (71855)

 - A use-after-free error exists in the processing of blocked plugins. (72437)

 - An unspecified error exists int he processing of layouts which can leave stale pointers in memory. (73235)

Solution

Upgrade to Google Chrome 9.0.597.107 or later.

See Also

googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html

Plugin Details

Severity: High

ID: 800958

Family: Web Clients

Published: 3/7/2011

Updated: 3/7/2011

Nessus ID: 52501

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

Patch Publication Date: 2/28/2011

Vulnerability Publication Date: 2/28/2011

Reference Information

CVE: CVE-2011-1107, CVE-2011-1108, CVE-2011-1109, CVE-2011-1110, CVE-2011-1111, CVE-2011-1112, CVE-2011-1113, CVE-2011-1114, CVE-2011-1115, CVE-2011-1116, CVE-2011-1117, CVE-2011-1118, CVE-2011-1119, CVE-2011-1120, CVE-2011-1121, CVE-2011-1122, CVE-2011-1123, CVE-2011-1124, CVE-2011-1125

BID: 46614, 47020