Executive Summary
Summary | |
---|---|
Title | Chromium: Multiple vulnerabilities |
Information | |||
---|---|---|---|
Name | GLSA-201012-01 | First vendor Publication | 2010-12-17 |
Vendor | Gentoo | Last vendor Modification | 2010-12-17 |
Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Synopsis: Multiple vulnerabilities have been reported in Chromium, some of which may allow user-assisted execution of arbitrary code.
Background:
Description:
Impact: It was also possible for an attacker to entice a user to visit a specially-crafted web page that would trigger one of the vulnerabilities, leading to execution of arbitrary code within the confines of the sandbox, successful Cross-Site Scripting attacks, violation of the same-origin policy, successful website spoofing attacks, information leak, or a Denial of Service. An attacker could also trick a user into performing a set of UI actions that might result in a successful website spoofing attack. Multiple bugs in the sandbox could result in a sandbox escape. Multiple UI bugs could lead to information leak and successful website spoofing attacks.
Workaround:
Resolution:
References:
http://googlechromereleases.blogspot.com/2010/06/stable-channel-update_24.html
[ 2 ] Release Notes 5.0.375.99 http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html
[ 3 ] Release Notes 5.0.375.125 http://googlechromereleases.blogspot.com/2010/07/stable-channel-update_26.html
[ 4 ] Release Notes 5.0.375.127 http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html
[ 5 ] Release Notes 6.0.472.59 http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html
[ 6 ] Release Notes 6.0.472.62 http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_17.html
[ 7 ] Release Notes 7.0.517.41 http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html
[ 8 ] Release Notes 7.0.517.44 http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html
[ 9 ] Release Notes 8.0.552.215 http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html
[ 10 ] Release Notes 8.0.552.224 http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html
Availability: http://security.gentoo.org/glsa/glsa-201012-01.xml
Original Source
Url : http://security.gentoo.org/glsa/glsa-201012-01.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
25 % | CWE-502 | Deserialization of Untrusted Data |
25 % | CWE-476 | NULL Pointer Dereference |
25 % | CWE-125 | Out-of-bounds Read |
25 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13953 | |||
Oval ID: | oval:org.mitre.oval:def:13953 | ||
Title: | The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion." | ||
Description: | The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-4577 | Version: | 15 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
Definition Id: oval:org.mitre.oval:def:14141 | |||
Oval ID: | oval:org.mitre.oval:def:14141 | ||
Title: | DEPRECATED: The Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 on 64-bit Linux platforms does not properly perform pointer arithmetic, which allows remote attackers to bypass message deserialization validation, and cause a denial of service or possibly have unspecified other impact, via invalid pickle data. | ||
Description: | The Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 on 64-bit Linux platforms does not properly perform pointer arithmetic, which allows remote attackers to bypass message deserialization validation, and cause a denial of service or possibly have unspecified other impact, via invalid pickle data. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-4574 | Version: | 13 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
Definition Id: oval:org.mitre.oval:def:14161 | |||
Oval ID: | oval:org.mitre.oval:def:14161 | ||
Title: | browser/worker_host/message_port_dispatcher.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle certain postMessage calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code that creates a web worker. | ||
Description: | browser/worker_host/message_port_dispatcher.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle certain postMessage calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code that creates a web worker. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-4576 | Version: | 15 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
Definition Id: oval:org.mitre.oval:def:14323 | |||
Oval ID: | oval:org.mitre.oval:def:14323 | ||
Title: | Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do not properly perform cursor handling, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers." | ||
Description: | Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do not properly perform cursor handling, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-4578 | Version: | 15 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
Definition Id: oval:org.mitre.oval:def:14427 | |||
Oval ID: | oval:org.mitre.oval:def:14427 | ||
Title: | The ThemeInstalledInfoBarDelegate::Observe function in browser/extensions/theme_installed_infobar_delegate.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle incorrect tab interaction by an extension, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted extension. | ||
Description: | The ThemeInstalledInfoBarDelegate::Observe function in browser/extensions/theme_installed_infobar_delegate.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle incorrect tab interaction by an extension, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted extension. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-4575 | Version: | 15 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
Definition Id: oval:org.mitre.oval:def:21433 | |||
Oval ID: | oval:org.mitre.oval:def:21433 | ||
Title: | RHSA-2011:0177: webkitgtk security update (Moderate) | ||
Description: | The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion." | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0177-01 CVE-2010-1780 CVE-2010-1782 CVE-2010-1783 CVE-2010-1784 CVE-2010-1785 CVE-2010-1786 CVE-2010-1787 CVE-2010-1788 CVE-2010-1790 CVE-2010-1792 CVE-2010-1793 CVE-2010-1807 CVE-2010-1812 CVE-2010-1814 CVE-2010-1815 CVE-2010-3113 CVE-2010-3114 CVE-2010-3115 CVE-2010-3116 CVE-2010-3119 CVE-2010-3255 CVE-2010-3257 CVE-2010-3259 CVE-2010-3812 CVE-2010-3813 CVE-2010-4197 CVE-2010-4198 CVE-2010-4204 CVE-2010-4206 CVE-2010-4577 | Version: | 393 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | webkitgtk |
Definition Id: oval:org.mitre.oval:def:23285 | |||
Oval ID: | oval:org.mitre.oval:def:23285 | ||
Title: | ELSA-2011:0177: webkitgtk security update (Moderate) | ||
Description: | The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion." | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0177-01 CVE-2010-1780 CVE-2010-1782 CVE-2010-1783 CVE-2010-1784 CVE-2010-1785 CVE-2010-1786 CVE-2010-1787 CVE-2010-1788 CVE-2010-1790 CVE-2010-1792 CVE-2010-1793 CVE-2010-1807 CVE-2010-1812 CVE-2010-1814 CVE-2010-1815 CVE-2010-3113 CVE-2010-3114 CVE-2010-3115 CVE-2010-3116 CVE-2010-3119 CVE-2010-3255 CVE-2010-3257 CVE-2010-3259 CVE-2010-3812 CVE-2010-3813 CVE-2010-4197 CVE-2010-4198 CVE-2010-4204 CVE-2010-4206 CVE-2010-4577 | Version: | 125 |
Platform(s): | Oracle Linux 6 | Product(s): | webkitgtk |
Definition Id: oval:org.mitre.oval:def:27757 | |||
Oval ID: | oval:org.mitre.oval:def:27757 | ||
Title: | DEPRECATED: ELSA-2011-0177 -- webkitgtk security update (moderate) | ||
Description: | [1.2.6-2] - Added fix for js regression [1.2.6-1] - Update to 1.2.6 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0177 CVE-2010-3255 CVE-2010-3257 CVE-2010-3259 CVE-2010-3812 CVE-2010-3813 CVE-2010-1780 CVE-2010-1782 CVE-2010-1783 CVE-2010-1784 CVE-2010-1785 CVE-2010-1786 CVE-2010-1787 CVE-2010-1788 CVE-2010-1790 CVE-2010-1792 CVE-2010-1793 CVE-2010-1807 CVE-2010-1812 CVE-2010-1814 CVE-2010-1815 CVE-2010-3113 CVE-2010-3114 CVE-2010-3115 CVE-2010-3116 CVE-2010-3119 CVE-2010-4197 CVE-2010-4198 CVE-2010-4204 CVE-2010-4206 CVE-2010-4577 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | webkitgtk |
CPE : Common Platform Enumeration
ExploitDB Exploits
Date | Description |
---|---|
2012-11-01 | Konqueror 4.7.3 Memory Corruption |
OpenVAS Exploits
Date | Description |
---|---|
2012-06-05 | Name : RedHat Update for webkitgtk RHSA-2011:0177-01 File : nvt/gb_RHSA-2011_0177-01_webkitgtk.nasl |
2011-08-27 | Name : Ubuntu Update for webkit USN-1195-1 File : nvt/gb_ubuntu_USN_1195_1.nasl |
2011-05-12 | Name : Debian Security Advisory DSA 2188-1 (webkit) File : nvt/deb_2188_1.nasl |
2011-03-09 | Name : Gentoo Security Advisory GLSA 201012-01 (chromium) File : nvt/glsa_201012_01.nasl |
2011-03-05 | Name : FreeBSD Ports: webkit-gtk2 File : nvt/freebsd_webkit-gtk23.nasl |
2011-02-18 | Name : Fedora Update for webkitgtk FEDORA-2011-1224 File : nvt/gb_fedora_2011_1224_webkitgtk_fc13.nasl |
2011-01-24 | Name : FreeBSD Ports: webkit-gtk2 File : nvt/freebsd_webkit-gtk22.nasl |
2011-01-11 | Name : Fedora Update for webkitgtk FEDORA-2011-0121 File : nvt/gb_fedora_2011_0121_webkitgtk_fc13.nasl |
2010-12-27 | Name : Google Chrome multiple vulnerabilities - Dec 10(Linux) File : nvt/gb_google_chrome_mult_vuln_dec10_lin.nasl |
2010-12-27 | Name : Google Chrome multiple vulnerabilities - Dec 10(Windows) File : nvt/gb_google_chrome_mult_vuln_dec10_win.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
70106 | Google Chrome Cursor Handling Stale Pointer Remote DoS Google Chrome contains a flaw that may allow a remote denial of service. The issue is triggered when the program fails to properly perform cursor handling, allowing a remote attacker to cause a denial of service via unknown vectors leading to 'stale pointers'. |
70105 | Google Chrome CSS Token Sequence Out-of-bounds Read Remote DoS Google Chrome contains a flaw that may allow a remote denial of service. The issue is triggered when the program fails to properly parse CSS token sequences, allowing a remote attacker to cause an out-of-bounds read denial of service via unspecified vectors. |
70104 | Google Chrome browser/worker_host/message_port_dispatcher.cc postMessage Call... Google Chrome contains a flaw that may allow a remote denial of service. The issue is triggered when 'browser/worker_host/message_port_dispatcher.cc' fails to properly handle certain postMessage calls, allowing a remote attacker to use crafted JavaScript code that creates a web worker to cause a denial of service via a NULL pointer dereference. |
70103 | Google Chrome browser/extensions/theme_installed_infobar_delegate.cc ThemeIns... Google Chrome contains a flaw that may allow a context-dependent denial of service. The issue is triggered when the 'ThemeInstalledInfoBarDelegate::Observe' function in 'browser/extensions/theme_installed_infobar_delegate.cc' fails to properly handle incorrect tab interaction by an extension, allowing a context-dependent attacker to use a maliciously crafted extension to cause a denial of service. |
70102 | Google Chrome base/pickle.cc Pickle::Pickle Function Message Deserialization ... Google Chrome contains a flaw that may allow a remote denial of service. The issue is triggered when the 'Pickle::Pickle' function in 'base/pickle.cc' fails to properly perform pointer arithmetic, allowing a remote attacker to bypass message deserialization validation to cause a denial of service via invalid pickle data. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-09.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libwebkit-110223.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0177.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110125_webkitgtk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2011-08-24 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1195-1.nasl - Type : ACT_GATHER_INFO |
2011-06-29 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_webkit-1_2_7-update-110622.nasl - Type : ACT_GATHER_INFO |
2011-05-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libwebkit-110223.nasl - Type : ACT_GATHER_INFO |
2011-03-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2188.nasl - Type : ACT_GATHER_INFO |
2011-02-18 | Name : The remote Fedora host is missing a security update. File : fedora_2011-1224.nasl - Type : ACT_GATHER_INFO |
2011-02-11 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_35ecdcbe350111e0afcd0015f2db7bde.nasl - Type : ACT_GATHER_INFO |
2011-01-26 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0177.nasl - Type : ACT_GATHER_INFO |
2011-01-10 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0121.nasl - Type : ACT_GATHER_INFO |
2011-01-03 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_06a12e26142e11e0bea20015f2db7bde.nasl - Type : ACT_GATHER_INFO |
2010-12-20 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201012-01.nasl - Type : ACT_GATHER_INFO |
2010-12-14 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_8_0_552_224.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:36:57 |
|