Executive Summary

Summary
Title: Chromium, V8: Multiple vulnerabilities
Information
Name: GLSA-201205-03
First vendor Publication: 2012-05-21
Vendor: Gentoo
Last vendor Modification: 2012-05-21
Severity (Vendor): Normal
Revision: N/A

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Base Score: 10
Attack Range: Network
CVSS Impact Score: 10
Attack Complexity: Low
CVSS Exploit Score: 10
Authentication: None Required

Detail

Synopsis

Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code.

Background

Chromium is an open source web browser project. V8 is Google’s open source JavaScript engine.

Description

Multiple vulnerabilities have been discovered in Chromium and V8.
Please review the CVE identifiers and release notes referenced below for details.

Impact

A context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process, or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-19.0.1084.46"

All V8 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/v8-3.9.24.21"

References

[ 1 ] CVE-2011-3083 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3083
[ 2 ] CVE-2011-3084 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3084
[ 3 ] CVE-2011-3085 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3085
[ 4 ] CVE-2011-3086 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3086
[ 5 ] CVE-2011-3087 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3087
[ 6 ] CVE-2011-3088 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3088
[ 7 ] CVE-2011-3089 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3089
[ 8 ] CVE-2011-3090 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3090
[ 9 ] CVE-2011-3091 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3091
[ 10 ] CVE-2011-3092 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3092
[ 11 ] CVE-2011-3093 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3093
[ 12 ] CVE-2011-3094 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3094
[ 13 ] CVE-2011-3095 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3095
[ 14 ] CVE-2011-3096 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3096
[ 15 ] CVE-2011-3100 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3100
[ 16 ] CVE-2011-3101 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3101
[ 17 ] Release Notes 19.0.1084.46 : http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201205-03.xml

Original Source

URL: http://security.gentoo.org/glsa/glsa-201205-03.xml

CWE: Common Weakness Enumeration

Id | Name
CWE-399 | Resource Management Errors
CWE-20 | Improper Input Validation
CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer
CWE-362 | Race Condition
CWE-264 | Permissions, Privileges, and Access Controls

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:15103
Title: Google Chrome before 19.0.1084.46 does not properly handle a malformed ftp URL in the SRC attribute of a VIDEO element
Description: browser/profiles/profile_impl_io_data.cc in Google Chrome before 19.0.1084.46 does not properly handle a malformed ftp URL in the SRC attribute of a VIDEO element, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted web page.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3083
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome

Oval ID: oval:org.mitre.oval:def:15223
Title: Google Chrome before 19.0.1084.46 does not use a dedicated process for the loading of links found on an internal page
Description: Google Chrome before 19.0.1084.46 does not use a dedicated process for the loading of links found on an internal page, which might allow attackers to bypass intended sandbox restrictions via a crafted page.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3084
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome

Oval ID: oval:org.mitre.oval:def:15256
Title: The Autofill feature in Google Chrome before 19.0.1084.46 does not properly restrict field values
Description: The Autofill feature in Google Chrome before 19.0.1084.46 does not properly restrict field values, which allows remote attackers to cause a denial of service (UI corruption) and possibly conduct spoofing attacks via vectors involving long values.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3085
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome

Oval ID: oval:org.mitre.oval:def:15206
Title: Use-after-free vulnerability in Google Chrome before 19.0.1084.46 via vectors involving a STYLE element.
Description: Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a STYLE element.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3086
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome

Oval ID: oval:org.mitre.oval:def:15567
Title: Google Chrome before 19.0.1084.46 does not properly perform window navigation
Description: Google Chrome before 19.0.1084.46 does not properly perform window navigation, which has unspecified impact and remote attack vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3087
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome

Oval ID: oval:org.mitre.oval:def:15581
Title: Google Chrome before 19.0.1084.46 does not properly draw hairlines
Description: Google Chrome before 19.0.1084.46 does not properly draw hairlines, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3088
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome

Oval ID: oval:org.mitre.oval:def:15474
Title: Use-after-free vulnerability in Google Chrome before 19.0.1084.46 via vectors involving tables.
Description: Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving tables.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3089
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome

Oval ID: oval:org.mitre.oval:def:15605
Title: Race condition in Google Chrome before 19.0.1084.46
Description: Race condition in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to worker processes.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3090
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome

Oval ID: oval:org.mitre.oval:def:15196
Title: Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 19.0.1084.46
Description: Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3091
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome

Oval ID: oval:org.mitre.oval:def:15610
Title: Vulnerability in regex implementation in Google V8, as used in Google Chrome before 19.0.1084.46
Description: The regex implementation in Google V8, as used in Google Chrome before 19.0.1084.46, allows remote attackers to cause a denial of service (invalid write operation) or possibly have unspecified other impact via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3092
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome

Oval ID: oval:org.mitre.oval:def:15358
Title: Google Chrome before 19.0.1084.46 does not properly handle glyphs
Description: Google Chrome before 19.0.1084.46 does not properly handle glyphs, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3093
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome

Oval ID: oval:org.mitre.oval:def:15233
Title: Google Chrome before 19.0.1084.46 does not properly handle Tibetan text
Description: Google Chrome before 19.0.1084.46 does not properly handle Tibetan text, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3094
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome

Oval ID: oval:org.mitre.oval:def:15159
Title: Vulnerability in the OGG container in Google Chrome before 19.0.1084.46 via vectors that trigger an out-of-bounds write.
Description: The OGG container in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3095
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome

Oval ID: oval:org.mitre.oval:def:15224
Title: Google Chrome before 19.0.1084.46 does not properly draw dash paths
Description: Google Chrome before 19.0.1084.46 does not properly draw dash paths, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3100
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome

CPE: Common Platform Enumeration

Type | Description | Count
Application | | 1