Debian DSA-2189-1 : chromium-browser - several vulnerabilities

high Nessus Plugin ID 52621

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities were discovered in the Chromium browser. The Common Vulnerabilities and Exposures project identifies the following problems :

- CVE-2011-1108 Google Chrome before 9.0.597.107 does not properly implement JavaScript dialogs, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document.

- CVE-2011-1109 Google Chrome before 9.0.597.107 does not properly process nodes in Cascading Style Sheets (CSS) stylesheets, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a 'stale pointer'.

- CVE-2011-1113 Google Chrome before 9.0.597.107 on 64-bit Linux platforms does not properly perform pickle deserialization, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

- CVE-2011-1114 Google Chrome before 9.0.597.107 does not properly handle tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a 'stale node'.

- CVE-2011-1115 Google Chrome before 9.0.597.107 does not properly render tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a 'stale pointer'.

- CVE-2011-1121 Integer overflow in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a TEXTAREA element.

- CVE-2011-1122 The WebGL implementation in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, aka Issue 71960.

- In addition, this upload fixes the following issues (they don't have a CVE id yet) :

- Out-of-bounds read in text searching. [69640]
- Memory corruption in SVG fonts. [72134]

- Memory corruption with counter nodes. [69628]

- Stale node in box layout. [70027]

- Cross-origin error message leak with workers. [70336]

- Stale pointer in table painting. [72028]

- Stale pointer with SVG cursors. [73746]

Solution

Upgrade the chromium-browser packages.

For the stable distribution (squeeze), these problems have been fixed in version 6.0.472.63~r59945-5+squeeze3.

See Also

https://security-tracker.debian.org/tracker/CVE-2011-1108

https://security-tracker.debian.org/tracker/CVE-2011-1109

https://security-tracker.debian.org/tracker/CVE-2011-1113

https://security-tracker.debian.org/tracker/CVE-2011-1114

https://security-tracker.debian.org/tracker/CVE-2011-1115

https://security-tracker.debian.org/tracker/CVE-2011-1121

https://security-tracker.debian.org/tracker/CVE-2011-1122

https://packages.debian.org/source/squeeze/chromium-browser

https://www.debian.org/security/2011/dsa-2189

Plugin Details

Severity: High

ID: 52621

File Name: debian_DSA-2189.nasl

Version: 1.12

Type: local

Agent: unix

Published: 3/11/2011

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:chromium-browser, cpe:/o:debian:debian_linux:6.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 3/10/2011

Reference Information

CVE: CVE-2011-1108, CVE-2011-1109, CVE-2011-1113, CVE-2011-1114, CVE-2011-1115, CVE-2011-1121, CVE-2011-1122

BID: 46614

DSA: 2189