Multiple vulnerabilities in Techland Chrome
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 17 |
| CVE-ID | CVE-2012-2822 CVE-2012-2823 CVE-2012-2825 CVE-2012-2826 CVE-2012-2828 CVE-2012-2829 CVE-2012-2830 CVE-2012-2831 CVE-2012-2832 CVE-2012-2833 CVE-2012-2834 CVE-2012-2815 CVE-2012-2817 CVE-2012-2818 CVE-2012-2819 CVE-2012-2820 CVE-2012-2821 |
| CWE-ID | CWE-20 CWE-416 CWE-119 CWE-200 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Google Chrome Client/Desktop applications / Web browsers |
| Vendor |
Security Bulletin
This security bulletin contains information about 17 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU43934
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-2822
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The PDF functionality in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 20.0.1132.0 - 20.0.1132.41
CPE2.3- cpe:2.3:a:google:google_chrome:20.0.1132.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:20.0.1132.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:20.0.1132.2:*:*:*:*:*:*:*
http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15166
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU43935
Risk: Medium
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-2823
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to SVG resources. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 20.0.1132.0 - 20.0.1132.41
CPE2.3- cpe:2.3:a:google:google_chrome:20.0.1132.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:20.0.1132.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:20.0.1132.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=124356
http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html
http://hermes.opensuse.org/messages/15075728
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15204
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU43936
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-2825
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 20.0.1132.0 - 20.0.1132.41
CPE2.3- cpe:2.3:a:google:google_chrome:20.0.1132.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:20.0.1132.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:20.0.1132.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=127417
http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html
http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html
http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
http://secunia.com/advisories/54886
http://support.apple.com/kb/HT5934
http://support.apple.com/kb/HT6001
http://hermes.opensuse.org/messages/15075728
http://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html
http://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU43937
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-2826
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Google Chrome before 20.0.1132.43 does not properly implement texture conversion, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 20.0.1132.0 - 20.0.1132.41
CPE2.3- cpe:2.3:a:google:google_chrome:20.0.1132.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:20.0.1132.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:20.0.1132.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=128688
http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html
http://hermes.opensuse.org/messages/15075728
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15511
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU43938
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-2828
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Multiple integer overflows in the PDF functionality in Google Chrome before 20.0.1132.43 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 20.0.1132.0 - 20.0.1132.41
CPE2.3- cpe:2.3:a:google:google_chrome:20.0.1132.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:20.0.1132.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:20.0.1132.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=129857
http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15287
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use-after-free
EUVDB-ID: #VU43939
Risk: Medium
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-2829
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to the :first-letter pseudo-element. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 20.0.1132.0 - 20.0.1132.41
CPE2.3- cpe:2.3:a:google:google_chrome:20.0.1132.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:20.0.1132.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:20.0.1132.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=129947
http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html
http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
http://support.apple.com/kb/HT5485
http://support.apple.com/kb/HT5502
http://hermes.opensuse.org/messages/15075728
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15144
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Input validation error
EUVDB-ID: #VU43940
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-2830
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 20.0.1132.43 does not properly set array values, which allows remote attackers to cause a denial of service (incorrect pointer use) or possibly have unspecified other impact via unknown vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 20.0.1132.0 - 20.0.1132.41
CPE2.3- cpe:2.3:a:google:google_chrome:20.0.1132.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:20.0.1132.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:20.0.1132.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=129951
http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html
http://hermes.opensuse.org/messages/15075728
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15483
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use-after-free
EUVDB-ID: #VU43941
Risk: Medium
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-2831
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to SVG references. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 20.0.1132.0 - 20.0.1132.41
CPE2.3- cpe:2.3:a:google:google_chrome:20.0.1132.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:20.0.1132.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:20.0.1132.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=130356
http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html
http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
http://support.apple.com/kb/HT5485
http://support.apple.com/kb/HT5502
http://hermes.opensuse.org/messages/15075728
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14708
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Input validation error
EUVDB-ID: #VU43942
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-2832
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The image-codec implementation in the PDF functionality in Google Chrome before 20.0.1132.43 does not initialize an unspecified pointer, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 20.0.1132.0 - 20.0.1132.41
CPE2.3- cpe:2.3:a:google:google_chrome:20.0.1132.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:20.0.1132.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:20.0.1132.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=131553
http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15455
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Buffer overflow
EUVDB-ID: #VU43943
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-2833
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Buffer overflow in the JS API in the PDF functionality in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 20.0.1132.0 - 20.0.1132.41
CPE2.3- cpe:2.3:a:google:google_chrome:20.0.1132.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:20.0.1132.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:20.0.1132.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=132156
http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15584
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Input validation error
EUVDB-ID: #VU43944
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-2834
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Integer overflow in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted data in the Matroska container format.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 20.0.1132.0 - 20.0.1132.41
CPE2.3- cpe:2.3:a:google:google_chrome:20.0.1132.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:20.0.1132.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:20.0.1132.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=132779
http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html
http://hermes.opensuse.org/messages/15075728
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15444
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Information disclosure
EUVDB-ID: #VU43945
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-2815
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
Google Chrome before 20.0.1132.43 allows remote attackers to obtain potentially sensitive information from a fragment identifier by leveraging access to an IFRAME element associated with a different domain.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 20.0.1132.0 - 20.0.1132.41
CPE2.3- cpe:2.3:a:google:google_chrome:20.0.1132.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:20.0.1132.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:20.0.1132.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=118633
http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html
http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html
http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
http://support.apple.com/kb/HT5400
http://support.apple.com/kb/HT5503
http://hermes.opensuse.org/messages/15075728
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15662
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Use-after-free
EUVDB-ID: #VU43946
Risk: Medium
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-2817
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to tables that have sections. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 20.0.1132.0 - 20.0.1132.41
CPE2.3- cpe:2.3:a:google:google_chrome:20.0.1132.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:20.0.1132.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:20.0.1132.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=120222
http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html
http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
http://support.apple.com/kb/HT5485
http://support.apple.com/kb/HT5502
http://hermes.opensuse.org/messages/15075728
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15264
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Use-after-free
EUVDB-ID: #VU43947
Risk: Medium
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-2818
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to the layout of documents that use the Cascading Style Sheets (CSS) counters feature. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 20.0.1132.0 - 20.0.1132.41
CPE2.3- cpe:2.3:a:google:google_chrome:20.0.1132.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:20.0.1132.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:20.0.1132.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=120944
http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html
http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
http://support.apple.com/kb/HT5485
http://support.apple.com/kb/HT5502
http://support.apple.com/kb/HT5503
http://hermes.opensuse.org/messages/15075728
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14771
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Input validation error
EUVDB-ID: #VU43948
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-2819
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The texSubImage2D implementation in the WebGL subsystem in Google Chrome before 20.0.1132.43 does not properly handle uploads to floating-point textures, which allows remote attackers to cause a denial of service (assertion failure and application crash) or possibly have unspecified other impact via a crafted web page, as demonstrated by certain WebGL performance tests, aka rdar problem 11520387.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 20.0.1132.0 - 20.0.1132.41
CPE2.3- cpe:2.3:a:google:google_chrome:20.0.1132.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:20.0.1132.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:20.0.1132.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=120977
http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html
http://trac.webkit.org/changeset/117191
http://trac.webkit.org/changeset/118410
http://bugs.webkit.org/show_bug.cgi?id=85942
http://chromiumcodereview.appspot.com/10444013
http://hermes.opensuse.org/messages/15075728
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14938
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Input validation error
EUVDB-ID: #VU43949
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-2820
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Google Chrome before 20.0.1132.43 does not properly implement SVG filters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 20.0.1132.0 - 20.0.1132.41
CPE2.3- cpe:2.3:a:google:google_chrome:20.0.1132.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:20.0.1132.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:20.0.1132.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=121926
http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html
http://hermes.opensuse.org/messages/15075728
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15468
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Input validation error
EUVDB-ID: #VU43950
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-2821
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The autofill implementation in Google Chrome before 20.0.1132.43 does not properly display text, which has unspecified impact and remote attack vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 20.0.1132.0 - 20.0.1132.41
CPE2.3- cpe:2.3:a:google:google_chrome:20.0.1132.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:20.0.1132.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:google_chrome:20.0.1132.2:*:*:*:*:*:*:*
http://code.google.com/p/chromium/issues/detail?id=122925
http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html
http://hermes.opensuse.org/messages/15075728
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15565
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
