Multiple vulnerabilities in Techland Chrome



Updated: 2020-08-11
Risk: Medium
Patch available: YES
Number of vulnerabilities: 12
CVE-ID: CVE-2011-3076, CVE-2011-3077, CVE-2011-3066, CVE-2011-3067, CVE-2011-3068, CVE-2011-3069, CVE-2011-3070, CVE-2011-3071, CVE-2011-3072, CVE-2011-3073, CVE-2011-3074, CVE-2011-3075
CWE-ID: CWE-416, CWE-125, CWE-346
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Google Chrome (Client/Desktop applications / Web browsers)
Vendor: Google

Security Bulletin

This security bulletin contains information about 12 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU44144

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-3076

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors related to focus handling. A remote attacker can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Update to version 18.0.1025.151.

Vulnerable software versions

Google Chrome: 18.0.1025.0 - 18.0.1025.150

External links

https://code.google.com/p/chromium/issues/detail?id=120037
https://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html
https://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
https://secunia.com/advisories/48732
https://secunia.com/advisories/48749
https://security.gentoo.org/glsa/glsa-201204-03.xml
https://support.apple.com/kb/HT5400
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5503
https://www.securityfocus.com/bid/52913
https://www.securitytracker.com/id?1026892
https://exchange.xforce.ibmcloud.com/vulnerabilities/74636
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15172


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU44145

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-3077

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors involving the script bindings, related to a "read-after-free" issue. A remote attacker can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Update to version 18.0.1025.151.

Vulnerable software versions

Google Chrome: 18.0.1025.0 - 18.0.1025.150

External links

https://code.google.com/p/chromium/issues/detail?id=120189
https://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html
https://secunia.com/advisories/48732
https://secunia.com/advisories/48749
https://security.gentoo.org/glsa/glsa-201204-03.xml
https://www.securityfocus.com/bid/52913
https://www.securitytracker.com/id?1026892
https://exchange.xforce.ibmcloud.com/vulnerabilities/74637
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15343


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

EUVDB-ID: #VU44146

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-3066

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Skia, as used in Google Chrome before 18.0.1025.151, does not properly perform clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Google Chrome: 18.0.1025.0 - 18.0.1025.150

External links

https://code.google.com/p/chromium/issues/detail?id=106577
https://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html
https://osvdb.org/81036
https://secunia.com/advisories/48732
https://secunia.com/advisories/48749
https://security.gentoo.org/glsa/glsa-201204-03.xml
https://www.securityfocus.com/bid/52913
https://www.securitytracker.com/id?1026892
https://exchange.xforce.ibmcloud.com/vulnerabilities/74626
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15453


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Origin validation error

EUVDB-ID: #VU44147

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-3067

CWE-ID: CWE-346 - Origin Validation Error

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Google Chrome: 18.0.1025.0 - 18.0.1025.150

External links

https://code.google.com/p/chromium/issues/detail?id=117583
https://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html
https://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
https://osvdb.org/81037
https://secunia.com/advisories/48732
https://secunia.com/advisories/48749
https://security.gentoo.org/glsa/glsa-201204-03.xml
https://support.apple.com/kb/HT5400
https://support.apple.com/kb/HT5503
https://www.securityfocus.com/bid/52913
https://www.securitytracker.com/id?1026892
https://exchange.xforce.ibmcloud.com/vulnerabilities/74627
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15342


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU44148

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-3068

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors related to run-in boxes. A remote attacker can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Update to version 18.0.1025.151.

Vulnerable software versions

Google Chrome: 18.0.1025.0 - 18.0.1025.150

External links

https://code.google.com/p/chromium/issues/detail?id=117698
https://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html
https://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
https://osvdb.org/81038
https://secunia.com/advisories/48732
https://secunia.com/advisories/48749
https://security.gentoo.org/glsa/glsa-201204-03.xml
https://support.apple.com/kb/HT5400
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5503
https://www.securityfocus.com/bid/52913
https://www.securitytracker.com/id?1026892
https://exchange.xforce.ibmcloud.com/vulnerabilities/74628
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15285


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use-after-free

EUVDB-ID: #VU44149

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-3069

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors related to line boxes. A remote attacker can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Update to version 18.0.1025.151.

Vulnerable software versions

Google Chrome: 18.0.1025.0 - 18.0.1025.150

External links

https://code.google.com/p/chromium/issues/detail?id=117728
https://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html
https://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
https://osvdb.org/81039
https://secunia.com/advisories/48732
https://secunia.com/advisories/48749
https://security.gentoo.org/glsa/glsa-201204-03.xml
https://support.apple.com/kb/HT5400
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5503
https://www.securityfocus.com/bid/52913
https://www.securitytracker.com/id?1026892
https://exchange.xforce.ibmcloud.com/vulnerabilities/74629
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15310


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU44150

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-3070

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors related to the Google V8 bindings. A remote attacker can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Update to version 18.0.1025.151.

Vulnerable software versions

Google Chrome: 18.0.1025.0 - 18.0.1025.150

External links

https://code.google.com/p/chromium/issues/detail?id=118185
https://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html
https://osvdb.org/81040
https://secunia.com/advisories/48732
https://secunia.com/advisories/48749
https://security.gentoo.org/glsa/glsa-201204-03.xml
https://www.securityfocus.com/bid/52913
https://www.securitytracker.com/id?1026892
https://exchange.xforce.ibmcloud.com/vulnerabilities/74630
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15521


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU44151

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-3071

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing unknown vectors. A remote attacker can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Update to version 18.0.1025.151.

Vulnerable software versions

Google Chrome: 18.0.1025.0 - 18.0.1025.150

External links

https://code.google.com/p/chromium/issues/detail?id=118273
https://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html
https://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
https://osvdb.org/81041
https://secunia.com/advisories/48732
https://secunia.com/advisories/48749
https://security.gentoo.org/glsa/glsa-201204-03.xml
https://support.apple.com/kb/HT5400
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5503
https://www.securityfocus.com/bid/52913
https://www.securitytracker.com/id?1026892
https://exchange.xforce.ibmcloud.com/vulnerabilities/74631
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15317


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Origin validation error

EUVDB-ID: #VU44152

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-3072

CWE-ID: CWE-346 - Origin Validation Error

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to pop-up windows.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Google Chrome: 18.0.1025.0 - 18.0.1025.150

External links

https://code.google.com/p/chromium/issues/detail?id=118467
https://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html
https://osvdb.org/81042
https://secunia.com/advisories/48732
https://secunia.com/advisories/48749
https://security.gentoo.org/glsa/glsa-201204-03.xml
https://www.securityfocus.com/bid/52913
https://www.securitytracker.com/id?1026892
https://exchange.xforce.ibmcloud.com/vulnerabilities/74632
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15480


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free

EUVDB-ID: #VU44153

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-3073

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors related to the handling of SVG resources. A remote attacker can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Update to version 18.0.1025.151.

Vulnerable software versions

Google Chrome: 18.0.1025.0 - 18.0.1025.150

External links

https://code.google.com/p/chromium/issues/detail?id=118593
https://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html
https://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
https://osvdb.org/81043
https://secunia.com/advisories/48732
https://secunia.com/advisories/48749
https://security.gentoo.org/glsa/glsa-201204-03.xml
https://support.apple.com/kb/HT5400
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5503
https://www.securityfocus.com/bid/52913
https://www.securitytracker.com/id?1026892
https://exchange.xforce.ibmcloud.com/vulnerabilities/74633
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14576


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU44154

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-3074

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors related to the handling of media. A remote attacker can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Update to version 18.0.1025.151.

Vulnerable software versions

Google Chrome: 18.0.1025.0 - 18.0.1025.150

External links

https://code.google.com/p/chromium/issues/detail?id=119281
https://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html
https://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
https://secunia.com/advisories/48732
https://secunia.com/advisories/48749
https://security.gentoo.org/glsa/glsa-201204-03.xml
https://support.apple.com/kb/HT5400
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5503
https://www.securityfocus.com/bid/52913
https://www.securitytracker.com/id?1026892
https://exchange.xforce.ibmcloud.com/vulnerabilities/74634
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15513


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free

EUVDB-ID: #VU44155

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-3075

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors related to style-application commands. A remote attacker can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Update to version 18.0.1025.151.

Vulnerable software versions

Google Chrome: 18.0.1025.0 - 18.0.1025.150

External links

https://code.google.com/p/chromium/issues/detail?id=119525
https://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html
https://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
https://secunia.com/advisories/48732
https://secunia.com/advisories/48749
https://security.gentoo.org/glsa/glsa-201204-03.xml
https://support.apple.com/kb/HT5400
https://support.apple.com/kb/HT5485
https://support.apple.com/kb/HT5503
https://www.securityfocus.com/bid/52913
https://www.securitytracker.com/id?1026892
https://exchange.xforce.ibmcloud.com/vulnerabilities/74635
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15141


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


