Executive Summary



This alert is flagged as a Top 25 Common Weakness Enumeration entry from CWE/SANS.
Summary
Title: Chromium, V8: Multiple vulnerabilities
Information
Name: GLSA-201111-05
First vendor Publication: 2011-11-19
Vendor: Gentoo
Last vendor Modification: 2011-11-19
Severity (Vendor): Normal
Revision: N/A

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score: 7.5
Attack Range: Network
Cvss Impact Score: 6.4
Attack Complexity: Low
Cvss Exploit Score: 10
Authentication: None Required

Detail

Synopsis

Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code.

Background

Chromium is an open-source web browser project. V8 is Google's open source JavaScript engine.

Description

Multiple vulnerabilities have been discovered in Chromium and V8.
Please review the CVE identifiers and release notes referenced below for details.

Impact

A context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process, or a Denial of Service condition. The attacker also could cause a Java applet to run without user confirmation.

Workaround

There is no known workaround at this time.

Resolution

All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-15.0.874.121"

All V8 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/v8-3.5.10.24"

References

[ 1 ] CVE-2011-3892 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3892
[ 2 ] CVE-2011-3893 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3893
[ 3 ] CVE-2011-3894 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3894
[ 4 ] CVE-2011-3895 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3895
[ 5 ] CVE-2011-3896 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3896
[ 6 ] CVE-2011-3897 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3897
[ 7 ] CVE-2011-3898 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3898
[ 8 ] CVE-2011-3900 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3900
[ 9 ] Release Notes 15.0.874.120 : http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html
[ 10 ] Release Notes 15.0.874.121 : http://googlechromereleases.blogspot.com/2011/11/stable-channel-update_16.html

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201111-05.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201111-05.xml

CWE : Common Weakness Enumeration

% Id Name
25 % CWE-787 Out-of-bounds Write (CWE/SANS Top 25)
12 % CWE-416 Use After Free
12 % CWE-415 Double Free
12 % CWE-269 Improper Privilege Management
12 % CWE-125 Out-of-bounds Read
12 % CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25)
12 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:13551
Title: Heap-based buffer overflow in the Vorbis decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.
Description: Heap-based buffer overflow in the Vorbis decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3895
Version: 15
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Google Chrome

Oval ID: oval:org.mitre.oval:def:14155
Title: Google V8, as used in Google Chrome before 15.0.874.121, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write operation.
Description: Google V8, as used in Google Chrome before 15.0.874.121, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write operation.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3900
Version: 15
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Google Chrome

Oval ID: oval:org.mitre.oval:def:14166
Title: Google Chrome before 15.0.874.120 does not properly perform VP8 decoding, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted stream.
Description: Google Chrome before 15.0.874.120 does not properly perform VP8 decoding, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted stream.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3894
Version: 15
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Google Chrome

Oval ID: oval:org.mitre.oval:def:14250
Title: Use-after-free vulnerability in Google Chrome before 15.0.874.120 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing.
Description: Use-after-free vulnerability in Google Chrome before 15.0.874.120 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3897
Version: 15
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Google Chrome

Oval ID: oval:org.mitre.oval:def:14266
Title: Google Chrome before 15.0.874.120, when Java Runtime Environment (JRE) 7 is used, does not request user confirmation before applet execution begins, which allows remote attackers to have an unspecified impact via a crafted applet.
Description: Google Chrome before 15.0.874.120, when Java Runtime Environment (JRE) 7 is used, does not request user confirmation before applet execution begins, which allows remote attackers to have an unspecified impact via a crafted applet.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3898
Version: 15
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Google Chrome

Oval ID: oval:org.mitre.oval:def:14267
Title: Google Chrome before 15.0.874.120 does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Description: Google Chrome before 15.0.874.120 does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3893
Version: 15
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Google Chrome

Oval ID: oval:org.mitre.oval:def:14423
Title: Buffer overflow in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to shader variable mapping.
Description: Buffer overflow in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to shader variable mapping.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3896
Version: 15
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Google Chrome

Oval ID: oval:org.mitre.oval:def:14484
Title: Double free vulnerability in the Theora decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.
Description: Double free vulnerability in the Theora decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3892
Version: 15
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Google Chrome

CPE : Common Platform Enumeration

Type Description Count
Application 276
Application 203
Application 1845
Os 117
Os 1
Os 1

OpenVAS Exploits

Date Description
2013-09-18 Name : Debian Security Advisory DSA 2471-1 (ffmpeg - several vulnerabilities)
File : nvt/deb_2471_1.nasl
2012-08-03 Name : Mandriva Update for ffmpeg MDVSA-2012:075 (ffmpeg)
File : nvt/gb_mandriva_MDVSA_2012_075.nasl
2012-08-03 Name : Mandriva Update for ffmpeg MDVSA-2012:076 (ffmpeg)
File : nvt/gb_mandriva_MDVSA_2012_076.nasl
2012-03-20 Name : Apple iTunes Multiple Vulnerabilities - Mar12 (Win)
File : nvt/gb_apple_itunes_mult_vuln_mar12_win.nasl
2012-03-13 Name : Apple Safari Webkit Multiple Vulnerabilities - March12 (Mac OS X)
File : nvt/gb_apple_safari_webkit_mult_vuln_mar12_macosx.nasl
2012-03-13 Name : Apple Safari Webkit Multiple Vulnerabilities - March12 (Win)
File : nvt/gb_apple_safari_webkit_mult_vuln_mar12_win.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201111-05 (chromium v8)
File : nvt/glsa_201111_05.nasl
2011-11-21 Name : Google Chrome V8 Remote Code Execution Vulnerability (Mac OS X)
File : nvt/secpod_google_chrome_v8_remote_code_exec_vuln_macosx.nasl
2011-11-21 Name : Google Chrome V8 Remote Code Execution Vulnerability (Windows)
File : nvt/secpod_google_chrome_v8_remote_code_exec_vuln_win.nasl
2011-11-15 Name : Google Chrome Multiple Vulnerabilities - November11 (Linux)
File : nvt/gb_google_chrome_mult_vuln_nov11_lin.nasl
2011-11-15 Name : Google Chrome Multiple Vulnerabilities - November11 (Mac OS X)
File : nvt/gb_google_chrome_mult_vuln_nov11_macosx.nasl
2011-11-14 Name : Google Chrome Multiple Vulnerabilities - November11 (Windows)
File : nvt/gb_google_chrome_mult_vuln_nov11_win.nasl
2011-11-11 Name : Google Chrome V8 Remote Code Execution Vulnerability (Linux)
File : nvt/secpod_google_chrome_v8_remote_code_exec_vuln_lin.nasl
2011-01-24 Name : FreeBSD Ports: chromium
File : nvt/freebsd_chromium.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
77193 Google Chrome V8 Out-of-bounds Write Unspecified Remote Memory Corruption

77038 Google Chrome JRE7 Applet Permission Weakness

77037 Google Chrome Editing Unspecified Use-after-free Remote Issue

77036 Google Chrome Shader Variable Mapping Unspecified Remote Overflow

77035 Google Chrome Vorbis Decoder Unspecified Remote Overflow

77034 Google Chrome VP8 Decoding Weakness Unspecified Remote Memory Corruption

77033 Google Chrome MKV / Vorbis Media Handler Out-of-bounds Read Unspecified Remot...

77032 Google Chrome Theora Decoder Unspecified Double-free Remote Issue

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2011-53.nasl - Type : ACT_GATHER_INFO
2013-10-27 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201310-12.nasl - Type : ACT_GATHER_INFO
2013-08-21 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_4d087b35099011e3a9f4bcaec565249c.nasl - Type : ACT_GATHER_INFO
2012-09-06 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-076.nasl - Type : ACT_GATHER_INFO
2012-05-15 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2471.nasl - Type : ACT_GATHER_INFO
2012-05-15 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-075.nasl - Type : ACT_GATHER_INFO
2012-03-12 Name : The remote host contains a multimedia application that has multiple vulnerabi...
File : itunes_10_6.nasl - Type : ACT_GATHER_INFO
2012-03-12 Name : The remote host contains a multimedia application that has multiple vulnerabi...
File : itunes_10_6_banner.nasl - Type : ACT_GATHER_INFO
2012-03-12 Name : The remote host contains a web browser that is affected by several vulnerabil...
File : macosx_Safari5_1_4.nasl - Type : ACT_GATHER_INFO
2012-03-12 Name : The remote host contains a web browser that is affected by several issues.
File : safari_5_1_4.nasl - Type : ACT_GATHER_INFO
2011-11-22 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201111-05.nasl - Type : ACT_GATHER_INFO
2011-11-22 Name : The remote host contains a web browser that is affected by a memory corruptio...
File : google_chrome_15_0_874_121.nasl - Type : ACT_GATHER_INFO
2011-11-11 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_15_0_874_120.nasl - Type : ACT_GATHER_INFO
2010-12-08 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_6887828f022911e0b84d00262d5ed8ee.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 11:37:05
  • Multiple Updates