Executive Summary

Summary
TitleChromium, V8: Multiple vulnerabilities
Informations
NameGLSA-201205-03First vendor Publication2012-05-21
VendorGentooLast vendor Modification2012-05-21
Severity (Vendor) NormalRevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score10Attack RangeNetwork
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code.

Background

Chromium is an open source web browser project. V8 is Google’s open source JavaScript engine.

Description

Multiple vulnerabilities have been discovered in Chromium and V8.
Please review the CVE identifiers and release notes referenced below for details.

Impact

A context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process, or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-19.0.1084.46"

All V8 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/v8-3.9.24.21"

References

[ 1 ] CVE-2011-3083 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3083
[ 2 ] CVE-2011-3084 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3084
[ 3 ] CVE-2011-3085 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3085
[ 4 ] CVE-2011-3086 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3086
[ 5 ] CVE-2011-3087 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3087
[ 6 ] CVE-2011-3088 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3088
[ 7 ] CVE-2011-3089 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3089
[ 8 ] CVE-2011-3090 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3090
[ 9 ] CVE-2011-3091 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3091
[ 10 ] CVE-2011-3092 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3092
[ 11 ] CVE-2011-3093 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3093
[ 12 ] CVE-2011-3094 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3094
[ 13 ] CVE-2011-3095 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3095
[ 14 ] CVE-2011-3096 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3096
[ 15 ] CVE-2011-3100 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3100
[ 16 ] CVE-2011-3101 : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3101
[ 17 ] Release Notes 19.0.1084.46

http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201205-03.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201205-03.xml

CWE : Common Weakness Enumeration

idName
CWE-399Resource Management Errors
CWE-20Improper Input Validation
CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer
CWE-362Race Condition
CWE-264Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:15103
 
Oval ID: oval:org.mitre.oval:def:15103
Title: Google Chrome before 19.0.1084.46 does not properly handle a malformed ftp URL in the SRC attribute of a VIDEO element
Description: browser/profiles/profile_impl_io_data.cc in Google Chrome before 19.0.1084.46 does not properly handle a malformed ftp URL in the SRC attribute of a VIDEO element, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted web page.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3083
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15223
 
Oval ID: oval:org.mitre.oval:def:15223
Title: Google Chrome before 19.0.1084.46 does not use a dedicated process for the loading of links found on an internal page
Description: Google Chrome before 19.0.1084.46 does not use a dedicated process for the loading of links found on an internal page, which might allow attackers to bypass intended sandbox restrictions via a crafted page.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3084
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15256
 
Oval ID: oval:org.mitre.oval:def:15256
Title: The Autofill feature in Google Chrome before 19.0.1084.46 does not properly restrict field values
Description: The Autofill feature in Google Chrome before 19.0.1084.46 does not properly restrict field values, which allows remote attackers to cause a denial of service (UI corruption) and possibly conduct spoofing attacks via vectors involving long values.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3085
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15206
 
Oval ID: oval:org.mitre.oval:def:15206
Title: Use-after-free vulnerability in Google Chrome before 19.0.1084.46 via vectors involving a STYLE element.
Description: Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a STYLE element.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3086
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24393
 
Oval ID: oval:org.mitre.oval:def:24393
Title: WebKit vulnerability in Apple Safari, visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution (CVE-2011-3086)
Description: Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a STYLE element.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3086
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15567
 
Oval ID: oval:org.mitre.oval:def:15567
Title: Google Chrome before 19.0.1084.46 does not properly perform window navigation
Description: Google Chrome before 19.0.1084.46 does not properly perform window navigation, which has unspecified impact and remote attack vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3087
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15581
 
Oval ID: oval:org.mitre.oval:def:15581
Title: Google Chrome before 19.0.1084.46 does not properly draw hairlines
Description: Google Chrome before 19.0.1084.46 does not properly draw hairlines, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3088
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15474
 
Oval ID: oval:org.mitre.oval:def:15474
Title: Use-after-free vulnerability in Google Chrome before 19.0.1084.46 via vectors involving tables.
Description: Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving tables.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3089
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24351
 
Oval ID: oval:org.mitre.oval:def:24351
Title: WebKit vulnerability in Apple Safari, visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution (CVE-2011-3089)
Description: Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving tables.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3089
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Apple Safari
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15605
 
Oval ID: oval:org.mitre.oval:def:15605
Title: Race condition in Google Chrome before 19.0.1084.46
Description: Race condition in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to worker processes.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3090
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15196
 
Oval ID: oval:org.mitre.oval:def:15196
Title: Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 19.0.1084.46
Description: Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3091
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15610
 
Oval ID: oval:org.mitre.oval:def:15610
Title: Vulnerability in regex implementation in Google V8, as used in Google Chrome before 19.0.1084.46
Description: The regex implementation in Google V8, as used in Google Chrome before 19.0.1084.46, allows remote attackers to cause a denial of service (invalid write operation) or possibly have unspecified other impact via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3092
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15358
 
Oval ID: oval:org.mitre.oval:def:15358
Title: Google Chrome before 19.0.1084.46 does not properly handle glyphs
Description: Google Chrome before 19.0.1084.46 does not properly handle glyphs, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3093
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15233
 
Oval ID: oval:org.mitre.oval:def:15233
Title: Google Chrome before 19.0.1084.46 does not properly handle Tibetan text
Description: Google Chrome before 19.0.1084.46 does not properly handle Tibetan text, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3094
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15159
 
Oval ID: oval:org.mitre.oval:def:15159
Title: Vulnerability in the OGG container in Google Chrome before 19.0.1084.46 via vectors that trigger an out-of-bounds write.
Description: The OGG container in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3095
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15224
 
Oval ID: oval:org.mitre.oval:def:15224
Title: Google Chrome before 19.0.1084.46 does not properly draw dash paths
Description: Google Chrome before 19.0.1084.46 does not properly draw dash paths, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3100
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Google Chrome
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1

OpenVAS Exploits

DateDescription
2012-12-13Name : SuSE Update for update openSUSE-SU-2012:0656-1 (update)
File : nvt/gb_suse_2012_0656_1.nasl
2012-12-13Name : SuSE Update for MozillaFirefox, openSUSE-SU-2012:0760-1 (MozillaFirefox,)
File : nvt/gb_suse_2012_0760_1.nasl
2012-12-13Name : SuSE Update for update openSUSE-SU-2012:0993-1 (update)
File : nvt/gb_suse_2012_0993_1.nasl
2012-10-26Name : Ubuntu Update for webkit USN-1617-1
File : nvt/gb_ubuntu_USN_1617_1.nasl
2012-09-17Name : Apple iTunes Multiple Vulnerabilities - Sep 12 (Windows)
File : nvt/gb_apple_itunes_mult_vuln_sep12_win.nasl
2012-08-10Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox68.nasl
2012-08-03Name : Mandriva Update for mozilla MDVSA-2012:088 (mozilla)
File : nvt/gb_mandriva_MDVSA_2012_088.nasl
2012-07-30Name : CentOS Update for firefox CESA-2012:0710 centos5
File : nvt/gb_CESA-2012_0710_firefox_centos5.nasl
2012-07-30Name : CentOS Update for firefox CESA-2012:0710 centos6
File : nvt/gb_CESA-2012_0710_firefox_centos6.nasl
2012-07-30Name : CentOS Update for thunderbird CESA-2012:0715 centos5
File : nvt/gb_CESA-2012_0715_thunderbird_centos5.nasl
2012-07-30Name : CentOS Update for thunderbird CESA-2012:0715 centos6
File : nvt/gb_CESA-2012_0715_thunderbird_centos6.nasl
2012-07-30Name : Apple Safari Multiple Vulnerabilities - July 2012 (Mac OS X)
File : nvt/gb_apple_safari_mult_vuln_jul12_macosx.nasl
2012-06-28Name : Ubuntu Update for thunderbird USN-1463-6
File : nvt/gb_ubuntu_USN_1463_6.nasl
2012-06-25Name : Ubuntu Update for thunderbird USN-1463-4
File : nvt/gb_ubuntu_USN_1463_4.nasl
2012-06-25Name : Mandriva Update for mozilla MDVSA-2012:088-1 (mozilla)
File : nvt/gb_mandriva_MDVSA_2012_088_1.nasl
2012-06-22Name : Ubuntu Update for firefox USN-1463-3
File : nvt/gb_ubuntu_USN_1463_3.nasl
2012-06-08Name : Ubuntu Update for firefox USN-1463-1
File : nvt/gb_ubuntu_USN_1463_1.nasl
2012-06-08Name : RedHat Update for firefox RHSA-2012:0710-01
File : nvt/gb_RHSA-2012_0710-01_firefox.nasl
2012-06-08Name : RedHat Update for thunderbird RHSA-2012:0715-01
File : nvt/gb_RHSA-2012_0715-01_thunderbird.nasl
2012-05-31Name : Gentoo Security Advisory GLSA 201205-03 (chromium v8)
File : nvt/glsa_201205_03.nasl
2012-05-31Name : FreeBSD Ports: chromium
File : nvt/freebsd_chromium12.nasl
2012-05-17Name : Google Chrome Multiple Vulnerabilities - May 12 (Linux)
File : nvt/gb_google_chrome_mult_vuln_may12_lin.nasl
2012-05-17Name : Google Chrome Multiple Vulnerabilities - May 12 (Mac OS X)
File : nvt/gb_google_chrome_mult_vuln_may12_macosx.nasl
2012-05-17Name : Google Chrome Multiple Vulnerabilities - May 12 (Windows)
File : nvt/gb_google_chrome_mult_vuln_may12_win.nasl

Nessus® Vulnerability Scanner

DateDescription
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0710.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2012-0715.nasl - Type : ACT_GATHER_INFO
2013-01-25Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-120611.nasl - Type : ACT_GATHER_INFO
2013-01-08Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO
2012-10-26Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1617-1.nasl - Type : ACT_GATHER_INFO
2012-09-13Name : The remote host contains a multimedia application that has multiple vulnerabi...
File : itunes_10_7.nasl - Type : ACT_GATHER_INFO
2012-09-13Name : The remote host contains a multimedia application that has multiple vulnerabi...
File : itunes_10_7_banner.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120605_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120606_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-07-26Name : The remote host contains a web browser that is affected by several vulnerabil...
File : macosx_Safari6_0.nasl - Type : ACT_GATHER_INFO
2012-06-27Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1463-6.nasl - Type : ACT_GATHER_INFO
2012-06-25Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-088.nasl - Type : ACT_GATHER_INFO
2012-06-22Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1463-4.nasl - Type : ACT_GATHER_INFO
2012-06-21Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1463-3.nasl - Type : ACT_GATHER_INFO
2012-06-21Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201205-03.nasl - Type : ACT_GATHER_INFO
2012-06-15Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-8189.nasl - Type : ACT_GATHER_INFO
2012-06-08Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2012-0715.nasl - Type : ACT_GATHER_INFO
2012-06-07Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1463-1.nasl - Type : ACT_GATHER_INFO
2012-06-07Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0715.nasl - Type : ACT_GATHER_INFO
2012-06-07Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0710.nasl - Type : ACT_GATHER_INFO
2012-06-06Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0710.nasl - Type : ACT_GATHER_INFO
2012-06-06Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_bfecf7c1af4711e195804061862b8c22.nasl - Type : ACT_GATHER_INFO
2012-05-16Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_19_0_1084_46.nasl - Type : ACT_GATHER_INFO
2012-05-16Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_1449af379eba11e1b9c100262d5ed8ee.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2014-02-17 11:37:20
  • Multiple Updates