SB2012032202 - Multiple vulnerabilities in Techland Chrome
Published: March 22, 2012 Updated: August 11, 2020
Description
This security bulletin contains information about 9 security vulnerabilities.
1) Input validation error (CVE-ID: CVE-2011-3049)
The vulnerability allows a remote non-authenticated attacker to cause service disruption.
Google Chrome before 17.0.963.83 does not properly restrict the extension web request API, which allows remote attackers to cause a denial of service (disrupted system requests) via a crafted extension.
2) Integer overflow (CVE-ID: CVE-2011-3045)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.
3) Use-after-free (CVE-ID: CVE-2011-3050)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to the :first-letter pseudo-element. A remote attacker can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
4) Use-after-free (CVE-ID: CVE-2011-3051)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to the cross-fade function. A remote attacker can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
5) Use-after-free (CVE-ID: CVE-2011-3053)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to block splitting. A remote attacker can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
6) Improper Privilege Management (CVE-ID: CVE-2011-3054)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
The WebUI privilege implementation in Google Chrome before 17.0.963.83 does not properly perform isolation, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
7) Missing Authentication for Critical Function (CVE-ID: CVE-2011-3055)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
The browser native UI in Google Chrome before 17.0.963.83 does not require user confirmation before an unpacked extension installation, which allows user-assisted remote attackers to have an unspecified impact via a crafted extension.
8) Origin validation error (CVE-ID: CVE-2011-3056)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe."
9) Out-of-bounds read (CVE-ID: CVE-2011-3057)
The vulnerability allows a remote non-authenticated attacker to cause service disruption.
Google V8, as used in Google Chrome before 17.0.963.83, allows remote attackers to cause a denial of service via vectors that trigger an invalid read operation.
Remediation
Install the update from the vendor's website.