Multiple vulnerabilities in Techland Chrome
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 21 |
| CVE-ID | CVE-2011-1456 CVE-2011-1303 CVE-2011-1304 CVE-2011-1434 CVE-2011-1435 CVE-2011-1437 CVE-2011-1438 CVE-2011-1440 CVE-2011-1441 CVE-2011-1442 CVE-2011-1443 CVE-2011-1445 CVE-2011-1446 CVE-2011-1447 CVE-2011-1448 CVE-2011-1449 CVE-2011-1450 CVE-2011-1451 CVE-2011-1452 CVE-2011-1454 CVE-2011-1455 |
| CWE-ID | CWE-20 CWE-276 CWE-190 CWE-416 CWE-704 CWE-125 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Google Chrome Client/Desktop applications / Web browsers |
| Vendor |
Security Bulletin
This security bulletin contains information about 21 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU45064
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1456
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 11.0.696.57 does not properly handle PDF forms, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers."
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 11.0.696.0 - 11.0.696.56
CPE2.3- cpe:2.3:a:google:google_chrome:11.0.696.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=79364
http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html
http://exchange.xforce.ibmcloud.com/vulnerabilities/67162
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14356
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU45065
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1303
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 11.0.696.57 does not properly handle floating objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 11.0.696.0 - 11.0.696.56
CPE2.3- cpe:2.3:a:google:google_chrome:11.0.696.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=61502
http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13705
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU45066
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1304
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
Unspecified vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to bypass the pop-up blocker via vectors related to plug-ins.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 11.0.696.0 - 11.0.696.56
CPE2.3- cpe:2.3:a:google:google_chrome:11.0.696.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=70538
http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14399
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU45067
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1434
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 11.0.696.57 does not ensure thread safety during handling of MIME data, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 11.0.696.0 - 11.0.696.56
CPE2.3- cpe:2.3:a:google:google_chrome:11.0.696.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=71586
http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html
http://exchange.xforce.ibmcloud.com/vulnerabilities/67141
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14196
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Incorrect default permissions
EUVDB-ID: #VU45068
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1435
CWE-ID:
CWE-276 - Incorrect Default Permissions
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
Google Chrome before 11.0.696.57 does not properly implement the tabs permission for extensions, which allows remote attackers to read local files via a crafted extension.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 11.0.696.0 - 11.0.696.56
CPE2.3- cpe:2.3:a:google:google_chrome:11.0.696.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=72523
http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html
http://exchange.xforce.ibmcloud.com/vulnerabilities/67142
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14586
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Integer overflow
EUVDB-ID: #VU45069
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1437
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Multiple integer overflows in Google Chrome before 11.0.696.57 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to float rendering.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 11.0.696.0 - 11.0.696.56
CPE2.3- cpe:2.3:a:google:google_chrome:11.0.696.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=73526
http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html
http://exchange.xforce.ibmcloud.com/vulnerabilities/67144
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14601
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Input validation error
EUVDB-ID: #VU45070
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1438
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 11.0.696.57 allows remote attackers to bypass the Same Origin Policy via vectors involving blobs.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 11.0.696.0 - 11.0.696.56
CPE2.3- cpe:2.3:a:google:google_chrome:11.0.696.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=74653
http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html
http://exchange.xforce.ibmcloud.com/vulnerabilities/67145
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14621
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use-after-free
EUVDB-ID: #VU45071
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1440
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to the ruby element and Cascading Style Sheets (CSS) token sequences. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 11.0.696.57.
Vulnerable software versionsGoogle Chrome: 11.0.696.0 - 11.0.696.56
CPE2.3- cpe:2.3:a:google:google_chrome:11.0.696.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=75186
http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html
http://support.apple.com/kb/HT4981
http://support.apple.com/kb/HT5000
http://www.debian.org/security/2011/dsa-2245
http://exchange.xforce.ibmcloud.com/vulnerabilities/67147
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14083
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Type conversion
EUVDB-ID: #VU45072
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1441
CWE-ID:
CWE-704 - Type conversion
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 11.0.696.57 does not properly perform a cast of an unspecified variable during handling of floating select lists, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted HTML document.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 11.0.696.0 - 11.0.696.56
CPE2.3- cpe:2.3:a:google:google_chrome:11.0.696.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=75347
http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html
http://exchange.xforce.ibmcloud.com/vulnerabilities/67148
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14646
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Input validation error
EUVDB-ID: #VU45073
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1442
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 11.0.696.57 does not properly handle mutation events, which allows remote attackers to cause a denial of service (node tree corruption) or possibly have unspecified other impact via unknown vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 11.0.696.0 - 11.0.696.56
CPE2.3- cpe:2.3:a:google:google_chrome:11.0.696.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=75801
http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html
http://exchange.xforce.ibmcloud.com/vulnerabilities/67149
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13808
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Input validation error
EUVDB-ID: #VU45074
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1443
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 11.0.696.57 does not properly implement layering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers."
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 11.0.696.0 - 11.0.696.56
CPE2.3- cpe:2.3:a:google:google_chrome:11.0.696.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=76001
http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html
http://exchange.xforce.ibmcloud.com/vulnerabilities/67150
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14627
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Out-of-bounds read
EUVDB-ID: #VU45076
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1445
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 11.0.696.57 does not properly handle SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 11.0.696.0 - 11.0.696.56
CPE2.3- cpe:2.3:a:google:google_chrome:11.0.696.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=76646
http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html
http://exchange.xforce.ibmcloud.com/vulnerabilities/67152
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14557
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Input validation error
EUVDB-ID: #VU45077
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1446
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 11.0.696.57 allows remote attackers to spoof the URL bar via vectors involving (1) a navigation error or (2) an interrupted load.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 11.0.696.0 - 11.0.696.56
CPE2.3- cpe:2.3:a:google:google_chrome:11.0.696.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=76666
http://code.google.com/p/chromium/issues/detail?id=77507
http://code.google.com/p/chromium/issues/detail?id=78031
http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html
http://exchange.xforce.ibmcloud.com/vulnerabilities/67153
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14560
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Input validation error
EUVDB-ID: #VU45078
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1447
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 11.0.696.57 does not properly handle drop-down lists, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 11.0.696.0 - 11.0.696.56
CPE2.3- cpe:2.3:a:google:google_chrome:11.0.696.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=76966
http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html
http://exchange.xforce.ibmcloud.com/vulnerabilities/67154
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13958
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Input validation error
EUVDB-ID: #VU45079
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1448
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 11.0.696.57 does not properly perform height calculations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 11.0.696.0 - 11.0.696.56
CPE2.3- cpe:2.3:a:google:google_chrome:11.0.696.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=77130
http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html
http://exchange.xforce.ibmcloud.com/vulnerabilities/67155
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14293
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Use-after-free
EUVDB-ID: #VU45080
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1449
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing unknown vectors. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 11.0.696.57.
Vulnerable software versionsGoogle Chrome: 11.0.696.0 - 11.0.696.56
CPE2.3- cpe:2.3:a:google:google_chrome:11.0.696.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=77346
http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html
http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
http://support.apple.com/kb/HT4808
http://support.apple.com/kb/HT4981
http://support.apple.com/kb/HT4999
http://exchange.xforce.ibmcloud.com/vulnerabilities/67156
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14478
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Input validation error
EUVDB-ID: #VU45081
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1450
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Google Chrome before 11.0.696.57 does not properly present file dialogs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "dangling pointers."
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 11.0.696.0 - 11.0.696.56
CPE2.3- cpe:2.3:a:google:google_chrome:11.0.696.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=77349
http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html
http://exchange.xforce.ibmcloud.com/vulnerabilities/67157
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14633
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Input validation error
EUVDB-ID: #VU45082
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1451
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 11.0.696.57 does not properly handle DOM id maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "dangling pointers."
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 11.0.696.0 - 11.0.696.56
CPE2.3- cpe:2.3:a:google:google_chrome:11.0.696.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=77463
http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html
http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
http://support.apple.com/kb/HT4808
http://support.apple.com/kb/HT4981
http://support.apple.com/kb/HT4999
http://exchange.xforce.ibmcloud.com/vulnerabilities/67158
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14279
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Input validation error
EUVDB-ID: #VU45083
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1452
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 11.0.696.57 allows user-assisted remote attackers to spoof the URL bar via vectors involving a redirect and a manual reload.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 11.0.696.0 - 11.0.696.56
CPE2.3- cpe:2.3:a:google:google_chrome:11.0.696.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=77786
http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html
http://exchange.xforce.ibmcloud.com/vulnerabilities/67159
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14759
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Use-after-free
EUVDB-ID: #VU45084
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1454
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing a crafted HTML document. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 11.0.696.57.
Vulnerable software versionsGoogle Chrome: 11.0.696.0 - 11.0.696.56
CPE2.3- cpe:2.3:a:google:google_chrome:11.0.696.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=79199
http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html
http://exchange.xforce.ibmcloud.com/vulnerabilities/67160
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14469
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Out-of-bounds read
EUVDB-ID: #VU45085
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-1455
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 11.0.696.57 does not properly handle PDF documents with multipart encoding, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 11.0.696.0 - 11.0.696.56
CPE2.3- cpe:2.3:a:google:google_chrome:11.0.696.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:11.0.696.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=79361
http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html
http://exchange.xforce.ibmcloud.com/vulnerabilities/67161
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14136
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
