Multiple vulnerabilities in Techland Chrome
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 27 |
| CVE-ID | CVE-2011-2791 CVE-2011-2792 CVE-2011-2793 CVE-2011-2794 CVE-2011-2795 CVE-2011-2796 CVE-2011-2797 CVE-2011-2798 CVE-2011-2799 CVE-2011-2800 CVE-2011-2801 CVE-2011-2803 CVE-2011-2805 CVE-2011-2818 CVE-2011-2819 CVE-2011-2358 CVE-2011-2359 CVE-2011-2360 CVE-2011-2361 CVE-2011-2783 CVE-2011-2784 CVE-2011-2785 CVE-2011-2786 CVE-2011-2787 CVE-2011-2788 CVE-2011-2789 CVE-2011-2790 |
| CWE-ID | CWE-787 CWE-416 CWE-125 CWE-20 CWE-200 CWE-74 CWE-287 CWE-120 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Google Chrome Client/Desktop applications / Web browsers |
| Vendor |
Security Bulletin
This security bulletin contains information about 27 vulnerabilities.
1) Out-of-bounds write
EUVDB-ID: #VU44833
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2791
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The International Components for Unicode (ICU) functionality in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 13.0.782.0 - 13.0.782.106
CPE2.3- cpe:2.3:a:google:google_chrome:13.0.782.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.3:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=86900
http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
http://osvdb.org/74241
http://exchange.xforce.ibmcloud.com/vulnerabilities/68953
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14179
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU44834
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2792
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to float removal. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 13.0.782.107.
Vulnerable software versionsGoogle Chrome: 13.0.782.0 - 13.0.782.106
CPE2.3- cpe:2.3:a:google:google_chrome:13.0.782.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.3:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=87148
http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html
http://osvdb.org/74242
http://support.apple.com/kb/HT4981
http://support.apple.com/kb/HT4999
http://support.apple.com/kb/HT5000
http://exchange.xforce.ibmcloud.com/vulnerabilities/68954
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14511
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free
EUVDB-ID: #VU44835
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2793
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to media selectors. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 13.0.782.107.
Vulnerable software versionsGoogle Chrome: 13.0.782.0 - 13.0.782.106
CPE2.3- cpe:2.3:a:google:google_chrome:13.0.782.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.3:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=87227
http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
http://osvdb.org/74243
http://exchange.xforce.ibmcloud.com/vulnerabilities/68955
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14554
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU44836
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2794
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 13.0.782.107 does not properly perform text iteration, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 13.0.782.0 - 13.0.782.106
CPE2.3- cpe:2.3:a:google:google_chrome:13.0.782.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.3:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=87298
http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
http://osvdb.org/74244
http://exchange.xforce.ibmcloud.com/vulnerabilities/68956
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14515
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU44837
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2795
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
Google Chrome before 13.0.782.107 does not prevent calls to functions in other frames, which allows remote attackers to bypass intended access restrictions via a crafted web site, related to a "cross-frame function leak."
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 13.0.782.0 - 13.0.782.106
CPE2.3- cpe:2.3:a:google:google_chrome:13.0.782.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.3:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=87339
http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
http://osvdb.org/74245
http://exchange.xforce.ibmcloud.com/vulnerabilities/68957
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14653
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use-after-free
EUVDB-ID: #VU44838
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2796
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing unknown vectors. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 13.0.782.107.
Vulnerable software versionsGoogle Chrome: 13.0.782.0 - 13.0.782.106
CPE2.3- cpe:2.3:a:google:google_chrome:13.0.782.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.3:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=87548
http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
http://osvdb.org/74246
http://exchange.xforce.ibmcloud.com/vulnerabilities/68958
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14093
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Use-after-free
EUVDB-ID: #VU44839
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2797
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to resource caching. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 13.0.782.107.
Vulnerable software versionsGoogle Chrome: 13.0.782.0 - 13.0.782.106
CPE2.3- cpe:2.3:a:google:google_chrome:13.0.782.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.3:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=87729
http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html
http://osvdb.org/74247
http://support.apple.com/kb/HT4981
http://support.apple.com/kb/HT4999
http://support.apple.com/kb/HT5000
http://exchange.xforce.ibmcloud.com/vulnerabilities/68959
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14437
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Input validation error
EUVDB-ID: #VU44840
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2798
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 13.0.782.107 does not properly restrict access to internal schemes, which allows remote attackers to have an unspecified impact via a crafted web site.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 13.0.782.0 - 13.0.782.106
CPE2.3- cpe:2.3:a:google:google_chrome:13.0.782.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.3:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=87815
http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
http://osvdb.org/74248
http://exchange.xforce.ibmcloud.com/vulnerabilities/68960
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14284
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Use-after-free
EUVDB-ID: #VU44841
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2799
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to HTML range handling. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 13.0.782.107.
Vulnerable software versionsGoogle Chrome: 13.0.782.0 - 13.0.782.106
CPE2.3- cpe:2.3:a:google:google_chrome:13.0.782.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.3:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=87925
http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html
http://osvdb.org/74250
http://support.apple.com/kb/HT4981
http://support.apple.com/kb/HT4999
http://support.apple.com/kb/HT5000
http://exchange.xforce.ibmcloud.com/vulnerabilities/68961
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14617
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Information disclosure
EUVDB-ID: #VU44842
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2800
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
Google Chrome before 13.0.782.107 allows remote attackers to obtain potentially sensitive information about client-side redirect targets via a crafted web site.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 13.0.782.0 - 13.0.782.106
CPE2.3- cpe:2.3:a:google:google_chrome:13.0.782.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.3:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=88337
http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html
http://osvdb.org/74251
http://support.apple.com/kb/HT4999
http://support.apple.com/kb/HT5000
http://www.debian.org/security/2011/dsa-2307
http://exchange.xforce.ibmcloud.com/vulnerabilities/68962
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14711
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Use-after-free
EUVDB-ID: #VU44843
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2801
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to the frame loader. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 13.0.782.107.
Vulnerable software versionsGoogle Chrome: 13.0.782.0 - 13.0.782.106
CPE2.3- cpe:2.3:a:google:google_chrome:13.0.782.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.3:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=88846
http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
http://osvdb.org/74252
http://exchange.xforce.ibmcloud.com/vulnerabilities/68963
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14391
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Out-of-bounds read
EUVDB-ID: #VU44844
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2803
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 13.0.782.107 does not properly handle Skia paths, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 13.0.782.0 - 13.0.782.106
CPE2.3- cpe:2.3:a:google:google_chrome:13.0.782.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.3:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=88827
http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
http://osvdb.org/74254
http://exchange.xforce.ibmcloud.com/vulnerabilities/68965
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14333
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Improper Neutralization of Special Elements in Output Used by a Downstream Component
EUVDB-ID: #VU44845
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2805
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy and conduct script injection attacks via unspecified vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 13.0.782.0 - 13.0.782.106
CPE2.3- cpe:2.3:a:google:google_chrome:13.0.782.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.3:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=89520
http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html
http://osvdb.org/74257
http://support.apple.com/kb/HT4999
http://support.apple.com/kb/HT5000
http://exchange.xforce.ibmcloud.com/vulnerabilities/68967
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14583
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Use-after-free
EUVDB-ID: #VU44846
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2818
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to display box rendering. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 13.0.782.107.
Vulnerable software versionsGoogle Chrome: 13.0.782.0 - 13.0.782.106
CPE2.3- cpe:2.3:a:google:google_chrome:13.0.782.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.3:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=88889
http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html
http://osvdb.org/74255
http://support.apple.com/kb/HT4981
http://support.apple.com/kb/HT4999
http://support.apple.com/kb/HT5000
http://www.debian.org/security/2011/dsa-2307
http://exchange.xforce.ibmcloud.com/vulnerabilities/68968
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14674
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Input validation error
EUVDB-ID: #VU44847
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2819
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy via vectors related to handling of the base URI.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 13.0.782.0 - 13.0.782.106
CPE2.3- cpe:2.3:a:google:google_chrome:13.0.782.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.3:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=90222
http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html
http://osvdb.org/74258
http://support.apple.com/kb/HT4999
http://support.apple.com/kb/HT5000
http://exchange.xforce.ibmcloud.com/vulnerabilities/68969
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13716
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Input validation error
EUVDB-ID: #VU44848
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2358
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 13.0.782.107 does not ensure that extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 13.0.782.0 - 13.0.782.106
CPE2.3- cpe:2.3:a:google:google_chrome:13.0.782.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.3:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=75821
http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
http://osvdb.org/74228
http://exchange.xforce.ibmcloud.com/vulnerabilities/68940
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14425
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Input validation error
EUVDB-ID: #VU44849
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2359
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 13.0.782.107 does not properly track line boxes during rendering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 13.0.782.0 - 13.0.782.106
CPE2.3- cpe:2.3:a:google:google_chrome:13.0.782.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.3:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=78841
http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html
http://osvdb.org/74229
http://support.apple.com/kb/HT4981
http://support.apple.com/kb/HT4999
http://support.apple.com/kb/HT5000
http://www.debian.org/security/2011/dsa-2307
http://exchange.xforce.ibmcloud.com/vulnerabilities/68941
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14671
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Input validation error
EUVDB-ID: #VU44850
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2360
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
Google Chrome before 13.0.782.107 does not ensure that the user is prompted before download of a dangerous file, which makes it easier for remote attackers to bypass intended content restrictions via a crafted web site.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 13.0.782.0 - 13.0.782.106
CPE2.3- cpe:2.3:a:google:google_chrome:13.0.782.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.3:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=79266
http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
http://osvdb.org/74230
http://exchange.xforce.ibmcloud.com/vulnerabilities/68942
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14362
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Improper Authentication
EUVDB-ID: #VU44851
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2361
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The Basic Authentication dialog implementation in Google Chrome before 13.0.782.107 does not properly handle strings, which might make it easier for remote attackers to capture credentials via a crafted web site.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 13.0.782.0 - 13.0.782.106
CPE2.3- cpe:2.3:a:google:google_chrome:13.0.782.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.3:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=79426
http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
http://osvdb.org/74231
http://exchange.xforce.ibmcloud.com/vulnerabilities/68943
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14595
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Input validation error
EUVDB-ID: #VU44853
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2783
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 13.0.782.107 does not ensure that developer-mode NPAPI extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 13.0.782.0 - 13.0.782.106
CPE2.3- cpe:2.3:a:google:google_chrome:13.0.782.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.3:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=83273
http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
http://osvdb.org/74233
http://exchange.xforce.ibmcloud.com/vulnerabilities/68945
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14406
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Information disclosure
EUVDB-ID: #VU44854
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2784
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
Google Chrome before 13.0.782.107 allows remote attackers to obtain sensitive information via a request for the GL program log, which reveals a local path in an unspecified log entry.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 13.0.782.0 - 13.0.782.106
CPE2.3- cpe:2.3:a:google:google_chrome:13.0.782.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.3:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=83841
http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
http://osvdb.org/74234
http://exchange.xforce.ibmcloud.com/vulnerabilities/68946
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14580
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Input validation error
EUVDB-ID: #VU44855
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2785
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
The extensions implementation in Google Chrome before 13.0.782.107 does not properly validate the URL for the home page, which allows remote attackers to have an unspecified impact via a crafted extension.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 13.0.782.0 - 13.0.782.106
CPE2.3- cpe:2.3:a:google:google_chrome:13.0.782.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.3:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=84402
http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
http://osvdb.org/74235
http://exchange.xforce.ibmcloud.com/vulnerabilities/68947
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14298
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Input validation error
EUVDB-ID: #VU44856
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2786
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
Google Chrome before 13.0.782.107 does not ensure that the speech-input bubble is shown on the product's screen, which might make it easier for remote attackers to make audio recordings via a crafted web page containing an INPUT element.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 13.0.782.0 - 13.0.782.106
CPE2.3- cpe:2.3:a:google:google_chrome:13.0.782.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.3:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=84600
http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
http://osvdb.org/74236
http://exchange.xforce.ibmcloud.com/vulnerabilities/68948
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14331
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Input validation error
EUVDB-ID: #VU44857
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2787
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Google Chrome before 13.0.782.107 does not properly address re-entrancy issues associated with the GPU lock, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 13.0.782.0 - 13.0.782.106
CPE2.3- cpe:2.3:a:google:google_chrome:13.0.782.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.3:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=84805
http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
http://osvdb.org/74237
http://exchange.xforce.ibmcloud.com/vulnerabilities/68949
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14533
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Buffer overflow
EUVDB-ID: #VU44858
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2788
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Buffer overflow in the inspector serialization functionality in Google Chrome before 13.0.782.107 allows user-assisted remote attackers to have an unspecified impact via unknown vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 13.0.782.0 - 13.0.782.106
CPE2.3- cpe:2.3:a:google:google_chrome:13.0.782.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.3:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=85559
http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html
http://osvdb.org/74238
http://support.apple.com/kb/HT4981
http://support.apple.com/kb/HT4999
http://support.apple.com/kb/HT5000
http://exchange.xforce.ibmcloud.com/vulnerabilities/68950
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14330
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Use-after-free
EUVDB-ID: #VU44859
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2789
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to instantiation of the Pepper plug-in. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 13.0.782.107.
Vulnerable software versionsGoogle Chrome: 13.0.782.0 - 13.0.782.106
CPE2.3- cpe:2.3:a:google:google_chrome:13.0.782.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.3:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=85808
http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
http://osvdb.org/74239
http://exchange.xforce.ibmcloud.com/vulnerabilities/68951
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14751
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Use-after-free
EUVDB-ID: #VU44860
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2790
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors involving floating styles. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 13.0.782.107.
Vulnerable software versionsGoogle Chrome: 13.0.782.0 - 13.0.782.106
CPE2.3- cpe:2.3:a:google:google_chrome:13.0.782.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:13.0.782.3:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=86502
http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html
http://osvdb.org/74240
http://support.apple.com/kb/HT4981
http://support.apple.com/kb/HT4999
http://support.apple.com/kb/HT5000
http://exchange.xforce.ibmcloud.com/vulnerabilities/68952
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14078
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
