Executive Summary

Summary
Title Chromium: Multiple vulnerabilities
Informations
Name GLSA-201012-01 First vendor Publication 2010-12-17
Vendor Gentoo Last vendor Modification 2010-12-17
Severity (Vendor) Normal Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities have been reported in Chromium, some of which may allow user-assisted execution of arbitrary code.

Background

Chromium is an open-source web browser project.

Description

Multiple vulnerabilities were found in Chromium. For further information please consult the release notes referenced below.

Impact

A remote attacker could trick a user to perform a set of UI actions that trigger a possibly exploitable crash, leading to execution of arbitrary code or a Denial of Service.

It was also possible for an attacker to entice a user to visit a specially-crafted web page that would trigger one of the vulnerabilities, leading to execution of arbitrary code within the confines of the sandbox, successful Cross-Site Scripting attacks, violation of the same-origin policy, successful website spoofing attacks, information leak, or a Denial of Service. An attacker could also trick a user to perform a set of UI actions that might result in a successful website spoofing attack.

Multiple bugs in the sandbox could result in a sandbox escape.

Multiple UI bugs could lead to information leak and successful website spoofing attacks.

Workaround

There is no known workaround at this time.

Resolution

All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-8.0.552.224"

References

[ 1 ] Release Notes 5.0.375.86

http://googlechromereleases.blogspot.com/2010/06/stable-channel-update_24.html [ 2 ] Release Notes 5.0.375.99

http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html [ 3 ] Release Notes 5.0.375.125

http://googlechromereleases.blogspot.com/2010/07/stable-channel-update_26.html [ 4 ] Release Notes 5.0.375.127

http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html [ 5 ] Release Notes 6.0.472.59

http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html [ 6 ] Release Notes 6.0.472.62

http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_17.html [ 7 ] Release Notes 7.0.517.41

http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html [ 8 ] Release Notes 7.0.517.44

http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html [ 9 ] Release Notes 8.0.552.215

http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html [ 10 ] Release Notes 8.0.552.224

http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201012-01.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201012-01.xml

CWE : Common Weakness Enumeration

% Id Name
25 % CWE-502 Deserialization of Untrusted Data
25 % CWE-476 NULL Pointer Dereference
25 % CWE-125 Out-of-bounds Read
25 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13953
 
Oval ID: oval:org.mitre.oval:def:13953
Title: The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion."
Description: The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion."
Family: windows Class: vulnerability
Reference(s): CVE-2010-4577
Version: 15
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14141
 
Oval ID: oval:org.mitre.oval:def:14141
Title: DEPRECATED: The Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 on 64-bit Linux platforms does not properly perform pointer arithmetic, which allows remote attackers to bypass message deserialization validation, and cause a denial of service or possibly have unspecified other impact, via invalid pickle data.
Description: The Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 on 64-bit Linux platforms does not properly perform pointer arithmetic, which allows remote attackers to bypass message deserialization validation, and cause a denial of service or possibly have unspecified other impact, via invalid pickle data.
Family: windows Class: vulnerability
Reference(s): CVE-2010-4574
Version: 13
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14161
 
Oval ID: oval:org.mitre.oval:def:14161
Title: browser/worker_host/message_port_dispatcher.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle certain postMessage calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code that creates a web worker.
Description: browser/worker_host/message_port_dispatcher.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle certain postMessage calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code that creates a web worker.
Family: windows Class: vulnerability
Reference(s): CVE-2010-4576
Version: 15
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14323
 
Oval ID: oval:org.mitre.oval:def:14323
Title: Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do not properly perform cursor handling, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers."
Description: Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do not properly perform cursor handling, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers."
Family: windows Class: vulnerability
Reference(s): CVE-2010-4578
Version: 15
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14427
 
Oval ID: oval:org.mitre.oval:def:14427
Title: The ThemeInstalledInfoBarDelegate::Observe function in browser/extensions/theme_installed_infobar_delegate.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle incorrect tab interaction by an extension, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted extension.
Description: The ThemeInstalledInfoBarDelegate::Observe function in browser/extensions/theme_installed_infobar_delegate.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle incorrect tab interaction by an extension, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted extension.
Family: windows Class: vulnerability
Reference(s): CVE-2010-4575
Version: 15
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21433
 
Oval ID: oval:org.mitre.oval:def:21433
Title: RHSA-2011:0177: webkitgtk security update (Moderate)
Description: The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion."
Family: unix Class: patch
Reference(s): RHSA-2011:0177-01
CVE-2010-1780
CVE-2010-1782
CVE-2010-1783
CVE-2010-1784
CVE-2010-1785
CVE-2010-1786
CVE-2010-1787
CVE-2010-1788
CVE-2010-1790
CVE-2010-1792
CVE-2010-1793
CVE-2010-1807
CVE-2010-1812
CVE-2010-1814
CVE-2010-1815
CVE-2010-3113
CVE-2010-3114
CVE-2010-3115
CVE-2010-3116
CVE-2010-3119
CVE-2010-3255
CVE-2010-3257
CVE-2010-3259
CVE-2010-3812
CVE-2010-3813
CVE-2010-4197
CVE-2010-4198
CVE-2010-4204
CVE-2010-4206
CVE-2010-4577
Version: 393
Platform(s): Red Hat Enterprise Linux 6
Product(s): webkitgtk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23285
 
Oval ID: oval:org.mitre.oval:def:23285
Title: ELSA-2011:0177: webkitgtk security update (Moderate)
Description: The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion."
Family: unix Class: patch
Reference(s): ELSA-2011:0177-01
CVE-2010-1780
CVE-2010-1782
CVE-2010-1783
CVE-2010-1784
CVE-2010-1785
CVE-2010-1786
CVE-2010-1787
CVE-2010-1788
CVE-2010-1790
CVE-2010-1792
CVE-2010-1793
CVE-2010-1807
CVE-2010-1812
CVE-2010-1814
CVE-2010-1815
CVE-2010-3113
CVE-2010-3114
CVE-2010-3115
CVE-2010-3116
CVE-2010-3119
CVE-2010-3255
CVE-2010-3257
CVE-2010-3259
CVE-2010-3812
CVE-2010-3813
CVE-2010-4197
CVE-2010-4198
CVE-2010-4204
CVE-2010-4206
CVE-2010-4577
Version: 125
Platform(s): Oracle Linux 6
Product(s): webkitgtk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27757
 
Oval ID: oval:org.mitre.oval:def:27757
Title: DEPRECATED: ELSA-2011-0177 -- webkitgtk security update (moderate)
Description: [1.2.6-2] - Added fix for js regression [1.2.6-1] - Update to 1.2.6
Family: unix Class: patch
Reference(s): ELSA-2011-0177
CVE-2010-3255
CVE-2010-3257
CVE-2010-3259
CVE-2010-3812
CVE-2010-3813
CVE-2010-1780
CVE-2010-1782
CVE-2010-1783
CVE-2010-1784
CVE-2010-1785
CVE-2010-1786
CVE-2010-1787
CVE-2010-1788
CVE-2010-1790
CVE-2010-1792
CVE-2010-1793
CVE-2010-1807
CVE-2010-1812
CVE-2010-1814
CVE-2010-1815
CVE-2010-3113
CVE-2010-3114
CVE-2010-3115
CVE-2010-3116
CVE-2010-3119
CVE-2010-4197
CVE-2010-4198
CVE-2010-4204
CVE-2010-4206
CVE-2010-4577
Version: 4
Platform(s): Oracle Linux 6
Product(s): webkitgtk
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 894
Application 6
Os 2
Os 1
Os 37

ExploitDB Exploits

id Description
2012-11-01 Konqueror 4.7.3 Memory Corruption

OpenVAS Exploits

Date Description
2012-06-05 Name : RedHat Update for webkitgtk RHSA-2011:0177-01
File : nvt/gb_RHSA-2011_0177-01_webkitgtk.nasl
2011-08-27 Name : Ubuntu Update for webkit USN-1195-1
File : nvt/gb_ubuntu_USN_1195_1.nasl
2011-05-12 Name : Debian Security Advisory DSA 2188-1 (webkit)
File : nvt/deb_2188_1.nasl
2011-03-09 Name : Gentoo Security Advisory GLSA 201012-01 (chromium)
File : nvt/glsa_201012_01.nasl
2011-03-05 Name : FreeBSD Ports: webkit-gtk2
File : nvt/freebsd_webkit-gtk23.nasl
2011-02-18 Name : Fedora Update for webkitgtk FEDORA-2011-1224
File : nvt/gb_fedora_2011_1224_webkitgtk_fc13.nasl
2011-01-24 Name : FreeBSD Ports: webkit-gtk2
File : nvt/freebsd_webkit-gtk22.nasl
2011-01-11 Name : Fedora Update for webkitgtk FEDORA-2011-0121
File : nvt/gb_fedora_2011_0121_webkitgtk_fc13.nasl
2010-12-27 Name : Google Chrome multiple vulnerabilities - Dec 10(Linux)
File : nvt/gb_google_chrome_mult_vuln_dec10_lin.nasl
2010-12-27 Name : Google Chrome multiple vulnerabilities - Dec 10(Windows)
File : nvt/gb_google_chrome_mult_vuln_dec10_win.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
70106 Google Chrome Cursor Handling Stale Pointer Remote DoS

Google Chrome contains a flaw that may allow a remote denial of service. The issue is triggered when the program fails to properly perform cursor handling, allowing a remote attacker to cause a denial of service via unknown vectors leading to 'stale pointers'.
70105 Google Chrome CSS Token Sequence Out-of-bounds Read Remote DoS

Google Chrome contains a flaw that may allow a remote denial of service. The issue is triggered when the program fails to properly parse CSS token sequences, allowing a remote attacker to cause an out-of-bounds read denial of service via unspecified vectors.
70104 Google Chrome browser/worker_host/message_port_dispatcher.cc postMessage Call...

Google Chrome contains a flaw that may allow a remote denial of service. The issue is triggered when 'browser/worker_host/message_port_dispatcher.cc' fails to properly handle certain postMessage calls, allowing a remote attacker to use crafted JavaScript code that creates a web worker to cause a denial of service via a NULL pointer dereference.
70103 Google Chrome browser/extensions/theme_installed_infobar_delegate.cc ThemeIns...

Google Chrome contains a flaw that may allow a context-dependent denial of service. The issue is triggered when the 'ThemeInstalledInfoBarDelegate::Observe' function in 'browser/extensions/theme_installed_infobar_delegate.cc' fails to properly handle incorrect tab interaction by an extension, allowing a context-dependent attacker to use a maliciously crafted extension to cause a denial of service.
70102 Google Chrome base/pickle.cc Pickle::Pickle Function Message Deserialization ...

Google Chrome contains a flaw that may allow a remotedenial of service. The issue is triggered when the 'Pickle::Pickle' function in 'base/pickle.cc' fails to properly perform pointer arithmetic, allowing a remote attacker to bypass message deserialization validation to cause a denial of service via invalid pickle data.

Nessus® Vulnerability Scanner

Date Description
2014-12-15 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201412-09.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_libwebkit-110223.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0177.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110125_webkitgtk_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2011-08-24 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1195-1.nasl - Type : ACT_GATHER_INFO
2011-06-29 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_webkit-1_2_7-update-110622.nasl - Type : ACT_GATHER_INFO
2011-05-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_libwebkit-110223.nasl - Type : ACT_GATHER_INFO
2011-03-11 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2188.nasl - Type : ACT_GATHER_INFO
2011-02-18 Name : The remote Fedora host is missing a security update.
File : fedora_2011-1224.nasl - Type : ACT_GATHER_INFO
2011-02-11 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_35ecdcbe350111e0afcd0015f2db7bde.nasl - Type : ACT_GATHER_INFO
2011-01-26 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0177.nasl - Type : ACT_GATHER_INFO
2011-01-10 Name : The remote Fedora host is missing a security update.
File : fedora_2011-0121.nasl - Type : ACT_GATHER_INFO
2011-01-03 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_06a12e26142e11e0bea20015f2db7bde.nasl - Type : ACT_GATHER_INFO
2010-12-20 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201012-01.nasl - Type : ACT_GATHER_INFO
2010-12-14 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_8_0_552_224.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:36:57
  • Multiple Updates