Multiple vulnerabilities in Techland Chrome
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 30 |
| CVE-ID | CVE-2011-2830 CVE-2011-2849 CVE-2011-2850 CVE-2011-2851 CVE-2011-2852 CVE-2011-2853 CVE-2011-2854 CVE-2011-2855 CVE-2011-2856 CVE-2011-2857 CVE-2011-2858 CVE-2011-2859 CVE-2011-2860 CVE-2011-2861 CVE-2011-2862 CVE-2011-2864 CVE-2011-2874 CVE-2011-2875 CVE-2011-3234 CVE-2011-2834 CVE-2011-2835 CVE-2011-2836 CVE-2011-2838 CVE-2011-2840 CVE-2011-2841 CVE-2011-2843 CVE-2011-2844 CVE-2011-2846 CVE-2011-2847 CVE-2011-2848 |
| CWE-ID | CWE-20 CWE-476 CWE-125 CWE-193 CWE-416 CWE-74 CWE-346 CWE-276 CWE-264 CWE-295 CWE-843 CWE-415 CWE-362 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #25 is available. |
| Vulnerable software Subscribe |
Google Chrome Client/Desktop applications / Web browsers |
| Vendor |
Security Bulletin
This security bulletin contains information about 30 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU44554
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2830
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google V8, as used in Google Chrome before 14.0.835.163, does not properly implement script object wrappers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=76771
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14336
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) NULL pointer dereference
EUVDB-ID: #VU44710
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2849
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via unspecified vectors.
MitigationUpdate to version 14.0.835.163.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=89795
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
http://osvdb.org/75549
http://exchange.xforce.ibmcloud.com/vulnerabilities/69875
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14047
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds read
EUVDB-ID: #VU44711
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2850
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Google Chrome before 14.0.835.163 does not properly handle Khmer characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=90134
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
http://osvdb.org/75551
http://exchange.xforce.ibmcloud.com/vulnerabilities/69877
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14710
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU44712
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2851
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Google Chrome before 14.0.835.163 does not properly handle video, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=90173
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
http://osvdb.org/75552
http://exchange.xforce.ibmcloud.com/vulnerabilities/69878
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14040
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Off-by-one
EUVDB-ID: #VU44713
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2852
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Off-by-one error in Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=91120
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
http://osvdb.org/75553
http://exchange.xforce.ibmcloud.com/vulnerabilities/69879
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14551
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use-after-free
EUVDB-ID: #VU44714
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2853
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to plug-in handling. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 14.0.835.163.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=91197
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
http://osvdb.org/75555
http://exchange.xforce.ibmcloud.com/vulnerabilities/69880
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14395
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Use-after-free
EUVDB-ID: #VU44715
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2854
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to "ruby / table style handing. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 14.0.835.163.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=92651
http://code.google.com/p/chromium/issues/detail?id=94800
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html
http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
http://osvdb.org/75556
http://secunia.com/advisories/48274
http://secunia.com/advisories/48288
http://secunia.com/advisories/48377
http://www.securitytracker.com/id?1026774
http://exchange.xforce.ibmcloud.com/vulnerabilities/69881
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14691
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improper Neutralization of Special Elements in Output Used by a Downstream Component
EUVDB-ID: #VU44716
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2855
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node."
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=92959
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html
http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
http://osvdb.org/75557
http://secunia.com/advisories/48274
http://secunia.com/advisories/48288
http://secunia.com/advisories/48377
http://www.securitytracker.com/id?1026774
http://exchange.xforce.ibmcloud.com/vulnerabilities/69882
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14485
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Origin validation error
EUVDB-ID: #VU44717
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2856
CWE-ID:
CWE-346 - Origin Validation Error
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=93416
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
http://osvdb.org/75558
http://exchange.xforce.ibmcloud.com/vulnerabilities/69883
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14262
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use-after-free
EUVDB-ID: #VU44718
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2857
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to the focus controller. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 14.0.835.163.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=93420
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html
http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
http://osvdb.org/75559
http://secunia.com/advisories/48274
http://secunia.com/advisories/48288
http://secunia.com/advisories/48377
http://www.securitytracker.com/id?1026774
http://exchange.xforce.ibmcloud.com/vulnerabilities/69884
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14593
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Out-of-bounds read
EUVDB-ID: #VU44719
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2858
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Google Chrome before 14.0.835.163 does not properly handle triangle arrays, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=95625
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
http://osvdb.org/75566
http://exchange.xforce.ibmcloud.com/vulnerabilities/69891
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14592
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Incorrect default permissions
EUVDB-ID: #VU44720
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2859
CWE-ID:
CWE-276 - Incorrect Default Permissions
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 14.0.835.163 uses incorrect permissions for non-gallery pages, which has unspecified impact and attack vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=93497
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
http://osvdb.org/75561
http://exchange.xforce.ibmcloud.com/vulnerabilities/69886
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14594
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Use-after-free
EUVDB-ID: #VU44721
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2860
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to table styles. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 14.0.835.163.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=93587
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html
http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
http://osvdb.org/75562
http://secunia.com/advisories/48274
http://secunia.com/advisories/48288
http://secunia.com/advisories/48377
http://www.securitytracker.com/id?1026774
http://exchange.xforce.ibmcloud.com/vulnerabilities/69887
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14499
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Input validation error
EUVDB-ID: #VU44722
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2861
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 14.0.835.163 does not properly handle strings in PDF documents, which allows remote attackers to have an unspecified impact via a crafted document that triggers an incorrect read operation.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=93596
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
http://osvdb.org/75563
http://exchange.xforce.ibmcloud.com/vulnerabilities/69888
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14677
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU44723
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2862
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google V8, as used in Google Chrome before 14.0.835.163, does not properly restrict access to built-in objects, which has unspecified impact and remote attack vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=93906
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
http://osvdb.org/75564
http://exchange.xforce.ibmcloud.com/vulnerabilities/69889
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14431
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Out-of-bounds read
EUVDB-ID: #VU44724
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2864
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Google Chrome before 14.0.835.163 does not properly handle Tibetan characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=95563
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
http://osvdb.org/75565
http://exchange.xforce.ibmcloud.com/vulnerabilities/69890
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14296
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Improper Certificate Validation
EUVDB-ID: #VU44725
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2874
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 14.0.835.163 does not perform an expected pin operation for a self-signed certificate during a session, which has unspecified impact and remote attack vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=95917
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
http://osvdb.org/75567
http://exchange.xforce.ibmcloud.com/vulnerabilities/69892
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14454
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Type Confusion
EUVDB-ID: #VU44726
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2875
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google V8, as used in Google Chrome before 14.0.835.163, does not properly perform object sealing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=95920
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
http://osvdb.org/75554
http://exchange.xforce.ibmcloud.com/vulnerabilities/69893
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Out-of-bounds read
EUVDB-ID: #VU44727
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-3234
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Google Chrome before 14.0.835.163 does not properly handle boxes, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=89991
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html
http://osvdb.org/75550
http://support.apple.com/kb/HT4981
http://support.apple.com/kb/HT4999
http://support.apple.com/kb/HT5000
http://exchange.xforce.ibmcloud.com/vulnerabilities/69876
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14224
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Double Free
EUVDB-ID: #VU44728
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2834
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=93472
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
http://osvdb.org/75560
http://rhn.redhat.com/errata/RHSA-2013-0217.html
http://support.apple.com/kb/HT5281
http://support.apple.com/kb/HT5503
http://www.debian.org/security/2012/dsa-2394
http://www.mandriva.com/security/advisories?name=MDVSA-2011:145
http://www.redhat.com/support/errata/RHSA-2011-1749.html
http://exchange.xforce.ibmcloud.com/vulnerabilities/69885
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14410
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Race condition
EUVDB-ID: #VU44729
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2835
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Race condition in Google Chrome before 14.0.835.163 allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the certificate cache.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=49377
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
http://osvdb.org/75536
http://exchange.xforce.ibmcloud.com/vulnerabilities/69862
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14234
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Input validation error
EUVDB-ID: #VU44730
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2836
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 14.0.835.163 does not require Infobar interaction before use of the Windows Media Player plug-in, which makes it easier for remote attackers to have an unspecified impact via crafted Flash content.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=51464
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
http://osvdb.org/75537
http://exchange.xforce.ibmcloud.com/vulnerabilities/69863
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13966
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Input validation error
EUVDB-ID: #VU44731
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2838
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 14.0.835.163 does not properly consider the MIME type during the loading of a plug-in, which has unspecified impact and remote attack vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=75070
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
http://osvdb.org/75539
http://exchange.xforce.ibmcloud.com/vulnerabilities/69865
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14261
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Input validation error
EUVDB-ID: #VU44732
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2840
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
Google Chrome before 14.0.835.163 allows user-assisted remote attackers to spoof the URL bar via vectors related to "unusual user interaction."
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=78427
http://code.google.com/p/chromium/issues/detail?id=83031
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
http://osvdb.org/75546
http://exchange.xforce.ibmcloud.com/vulnerabilities/69867
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14491
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Input validation error
EUVDB-ID: #VU44733
Risk: Medium
CVSSv3.1: 6.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2011-2841
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 14.0.835.163 does not properly perform garbage collection during the processing of PDF documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=78639
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
http://osvdb.org/75541
http://securityreason.com/securityalert/8411
http://exchange.xforce.ibmcloud.com/vulnerabilities/69868
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14019
http://www.exploit-db.com/exploits/17929/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
26) Out-of-bounds read
EUVDB-ID: #VU44734
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2843
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Google Chrome before 14.0.835.163 does not properly handle media buffers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=82438
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
http://osvdb.org/75543
http://exchange.xforce.ibmcloud.com/vulnerabilities/69870
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14547
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Out-of-bounds read
EUVDB-ID: #VU44735
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2844
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Google Chrome before 14.0.835.163 does not properly process MP3 files, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=85041
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
http://osvdb.org/75544
http://exchange.xforce.ibmcloud.com/vulnerabilities/69871
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14696
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Use-after-free
EUVDB-ID: #VU44736
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2846
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to unload event handling. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 14.0.835.163.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=89219
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html
http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
http://osvdb.org/75545
http://secunia.com/advisories/48274
http://secunia.com/advisories/48288
http://secunia.com/advisories/48377
http://www.securitytracker.com/id?1026774
http://exchange.xforce.ibmcloud.com/vulnerabilities/69872
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14451
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Use-after-free
EUVDB-ID: #VU44737
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2847
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing a crafted document. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 14.0.835.163.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=89330
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html
http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
http://osvdb.org/75547
http://secunia.com/advisories/48274
http://secunia.com/advisories/48288
http://secunia.com/advisories/48377
http://www.securitytracker.com/id?1026774
http://exchange.xforce.ibmcloud.com/vulnerabilities/69873
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14695
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Input validation error
EUVDB-ID: #VU44738
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2848
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
Google Chrome before 14.0.835.163 allows user-assisted remote attackers to spoof the URL bar via vectors related to the forward button.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 14.0.835.0 - 14.0.835.162
CPE2.3- cpe:2.3:a:google:google_chrome:14.0.835.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:14.0.835.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=89564
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
http://osvdb.org/75548
http://exchange.xforce.ibmcloud.com/vulnerabilities/69874
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13915
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
