Multiple vulnerabilities in Techland Chrome
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 20 |
| CVE-ID | CVE-2011-1200 CVE-2011-1201 CVE-2011-1203 CVE-2011-1204 CVE-2011-1285 CVE-2011-1286 CVE-2011-1413 CVE-2011-1190 CVE-2011-1191 CVE-2011-1193 CVE-2011-1194 CVE-2011-1195 CVE-2011-1196 CVE-2011-1197 CVE-2011-1198 CVE-2011-1199 CVE-2011-1185 CVE-2011-1187 CVE-2011-1188 CVE-2011-1189 |
| CWE-ID | CWE-704 CWE-20 CWE-119 CWE-200 CWE-416 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Google Chrome Client/Desktop applications / Web browsers |
| Vendor |
Security Bulletin
This security bulletin contains information about 20 vulnerabilities.
1) Type conversion
EUVDB-ID: #VU45233
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1200
CWE-ID:
CWE-704 - Type conversion
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 10.0.648.127 does not properly perform a cast of an unspecified variable during text rendering, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 10.0.648.0 - 10.0.648.126
CPE2.3- cpe:2.3:a:google:google_chrome:10.0.648.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=73134
http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html
http://www.securityfocus.com/bid/46785
http://www.vupen.com/english/advisories/2011/0628
http://exchange.xforce.ibmcloud.com/vulnerabilities/65964
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14419
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU45234
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1201
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The context implementation in WebKit, as used in Google Chrome before 10.0.648.127, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 10.0.648.0 - 10.0.648.126
CPE2.3- cpe:2.3:a:google:google_chrome:10.0.648.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=73196
http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html
http://www.securityfocus.com/bid/46785
http://www.vupen.com/english/advisories/2011/0628
http://exchange.xforce.ibmcloud.com/vulnerabilities/65965
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14089
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU45235
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1203
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 10.0.648.127 does not properly handle SVG cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 10.0.648.0 - 10.0.648.126
CPE2.3- cpe:2.3:a:google:google_chrome:10.0.648.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=73746
http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html
http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
http://support.apple.com/kb/HT4808
http://support.apple.com/kb/HT4981
http://support.apple.com/kb/HT4999
http://www.securityfocus.com/bid/46785
http://www.vupen.com/english/advisories/2011/0628
http://exchange.xforce.ibmcloud.com/vulnerabilities/65967
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14355
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU45236
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1204
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 10.0.648.127 does not properly handle attributes, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via a crafted document.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 10.0.648.0 - 10.0.648.126
CPE2.3- cpe:2.3:a:google:google_chrome:10.0.648.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=74030
http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html
http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
http://support.apple.com/kb/HT4808
http://support.apple.com/kb/HT4981
http://support.apple.com/kb/HT4999
http://www.securityfocus.com/bid/46785
http://www.vupen.com/english/advisories/2011/0628
http://exchange.xforce.ibmcloud.com/vulnerabilities/65968
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13585
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer overflow
EUVDB-ID: #VU45237
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1285
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The regular-expression functionality in Google Chrome before 10.0.648.127 does not properly implement reentrancy, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 10.0.648.0 - 10.0.648.126
CPE2.3- cpe:2.3:a:google:google_chrome:10.0.648.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=74662
http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html
http://www.securityfocus.com/bid/46785
http://www.vupen.com/english/advisories/2011/0628
http://exchange.xforce.ibmcloud.com/vulnerabilities/65969
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14571
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU45238
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1286
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google V8, as used in Google Chrome before 10.0.648.127, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger incorrect access to memory.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 10.0.648.0 - 10.0.648.126
CPE2.3- cpe:2.3:a:google:google_chrome:10.0.648.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=74675
http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html
http://www.securityfocus.com/bid/46785
http://www.vupen.com/english/advisories/2011/0628
http://exchange.xforce.ibmcloud.com/vulnerabilities/65970
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14455
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Input validation error
EUVDB-ID: #VU45239
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1413
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Google Chrome before 10.0.648.127 on Linux does not properly mitigate an unspecified flaw in an X server, which allows remote attackers to cause a denial of service (application crash) via vectors involving long messages.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 10.0.648.0 - 10.0.648.126
CPE2.3- cpe:2.3:a:google:google_chrome:10.0.648.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=49747
http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html
http://www.securityfocus.com/bid/46785
http://www.vupen.com/english/advisories/2011/0628
http://exchange.xforce.ibmcloud.com/vulnerabilities/65949
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13922
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Information disclosure
EUVDB-ID: #VU45240
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1190
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The Web Workers implementation in Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 10.0.648.0 - 10.0.648.126
CPE2.3- cpe:2.3:a:google:google_chrome:10.0.648.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=70336
http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html
http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
http://support.apple.com/kb/HT4808
http://support.apple.com/kb/HT4999
http://www.securityfocus.com/bid/46785
http://www.vupen.com/english/advisories/2011/0628
http://exchange.xforce.ibmcloud.com/vulnerabilities/65954
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14398
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Use-after-free
EUVDB-ID: #VU45241
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1191
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to the handling of DOM URLs. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 10.0.648.127.
Vulnerable software versionsGoogle Chrome: 10.0.648.0 - 10.0.648.126
CPE2.3- cpe:2.3:a:google:google_chrome:10.0.648.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=70442
http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html
http://www.securityfocus.com/bid/46785
http://www.vupen.com/english/advisories/2011/0628
http://exchange.xforce.ibmcloud.com/vulnerabilities/65955
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14765
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Input validation error
EUVDB-ID: #VU45242
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1193
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google V8, as used in Google Chrome before 10.0.648.127, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 10.0.648.0 - 10.0.648.126
CPE2.3- cpe:2.3:a:google:google_chrome:10.0.648.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=70877
http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html
http://www.securityfocus.com/bid/46785
http://www.vupen.com/english/advisories/2011/0628
http://exchange.xforce.ibmcloud.com/vulnerabilities/65957
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14035
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Input validation error
EUVDB-ID: #VU45243
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1194
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
Multiple unspecified vulnerabilities in Google Chrome before 10.0.648.127 allow remote attackers to bypass the pop-up blocker via unknown vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 10.0.648.0 - 10.0.648.126
CPE2.3- cpe:2.3:a:google:google_chrome:10.0.648.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=70885
http://code.google.com/p/chromium/issues/detail?id=71167
http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html
http://www.securityfocus.com/bid/46785
http://www.vupen.com/english/advisories/2011/0628
http://exchange.xforce.ibmcloud.com/vulnerabilities/65958
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14461
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Use-after-free
EUVDB-ID: #VU45244
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1195
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to "document script lifetime handling. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 10.0.648.127.
Vulnerable software versionsGoogle Chrome: 10.0.648.0 - 10.0.648.126
CPE2.3- cpe:2.3:a:google:google_chrome:10.0.648.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=71763
http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html
http://www.securityfocus.com/bid/46785
http://www.vupen.com/english/advisories/2011/0628
http://exchange.xforce.ibmcloud.com/vulnerabilities/65959
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14575
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Input validation error
EUVDB-ID: #VU45245
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1196
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The OGG container implementation in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 10.0.648.0 - 10.0.648.126
CPE2.3- cpe:2.3:a:google:google_chrome:10.0.648.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=71788
http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html
http://www.securityfocus.com/bid/46785
http://www.vupen.com/english/advisories/2011/0628
http://exchange.xforce.ibmcloud.com/vulnerabilities/65960
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14033
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Input validation error
EUVDB-ID: #VU45246
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1197
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 10.0.648.127 does not properly perform table painting, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 10.0.648.0 - 10.0.648.126
CPE2.3- cpe:2.3:a:google:google_chrome:10.0.648.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=72028
http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html
http://www.securityfocus.com/bid/46785
http://www.vupen.com/english/advisories/2011/0628
http://exchange.xforce.ibmcloud.com/vulnerabilities/65961
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14703
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Buffer overflow
EUVDB-ID: #VU45247
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1198
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The video functionality in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger use of a malformed "out-of-bounds structure."
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 10.0.648.0 - 10.0.648.126
CPE2.3- cpe:2.3:a:google:google_chrome:10.0.648.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=73026
http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html
http://www.securityfocus.com/bid/46785
http://www.vupen.com/english/advisories/2011/0628
http://exchange.xforce.ibmcloud.com/vulnerabilities/65962
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14555
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Input validation error
EUVDB-ID: #VU45248
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1199
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 10.0.648.127 does not properly handle DataView objects, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 10.0.648.0 - 10.0.648.126
CPE2.3- cpe:2.3:a:google:google_chrome:10.0.648.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=73066
http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html
http://www.securityfocus.com/bid/46785
http://www.vupen.com/english/advisories/2011/0628
http://exchange.xforce.ibmcloud.com/vulnerabilities/65963
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14584
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Input validation error
EUVDB-ID: #VU45249
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1185
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 10.0.648.127 does not prevent (1) navigation and (2) close operations on the top location of a sandboxed frame, which has unspecified impact and remote attack vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 10.0.648.0 - 10.0.648.126
CPE2.3- cpe:2.3:a:google:google_chrome:10.0.648.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=42574
http://code.google.com/p/chromium/issues/detail?id=42765
http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html
http://www.securityfocus.com/bid/46785
http://www.vupen.com/english/advisories/2011/0628
http://exchange.xforce.ibmcloud.com/vulnerabilities/65948
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14349
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Information disclosure
EUVDB-ID: #VU45250
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1187
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 10.0.648.0 - 10.0.648.126
CPE2.3- cpe:2.3:a:google:google_chrome:10.0.648.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=69187
http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html
http://secunia.com/advisories/48972
http://secunia.com/advisories/49047
http://secunia.com/advisories/49055
http://www.mozilla.org/security/announce/2012/mfsa2012-32.html
http://www.securityfocus.com/bid/46785
http://www.vupen.com/english/advisories/2011/0628
http://bugzilla.mozilla.org/show_bug.cgi?id=624621
http://exchange.xforce.ibmcloud.com/vulnerabilities/65951
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14369
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Input validation error
EUVDB-ID: #VU45251
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1188
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 10.0.648.127 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 10.0.648.0 - 10.0.648.126
CPE2.3- cpe:2.3:a:google:google_chrome:10.0.648.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=69628
http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html
http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
http://support.apple.com/kb/HT4808
http://support.apple.com/kb/HT4981
http://support.apple.com/kb/HT4999
http://www.securityfocus.com/bid/46785
http://www.vupen.com/english/advisories/2011/0628
http://exchange.xforce.ibmcloud.com/vulnerabilities/65952
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14493
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Input validation error
EUVDB-ID: #VU45252
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1189
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 10.0.648.127 does not properly perform box layout, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node."
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 10.0.648.0 - 10.0.648.126
CPE2.3- cpe:2.3:a:google:google_chrome:10.0.648.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:10.0.648.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=70027
http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html
http://www.securityfocus.com/bid/46785
http://www.vupen.com/english/advisories/2011/0628
http://exchange.xforce.ibmcloud.com/vulnerabilities/65953
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14370
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
