Executive Summary
Summary | |
---|---|
Title | Chromium, V8: Multiple vulnerabilities |
Informations | |||
---|---|---|---|
Name | GLSA-201205-04 | First vendor Publication | 2012-05-27 |
Vendor | Gentoo | Last vendor Modification | 2012-05-27 |
Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. Background Description Impact Workaround Resolution All V8 users should upgrade to the latest version: References http://googlechromereleases.blogspot.com/2012/05/stable-channel-update_23.html Availability http://security.gentoo.org/glsa/glsa-201205-04.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-201205-04.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
57 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
43 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:14947 | |||
Oval ID: | oval:org.mitre.oval:def:14947 | ||
Title: | Use-after-free vulnerability in Google Chrome before 19.0.1084.52 via vectors related to the browser cache | ||
Description: | Use-after-free vulnerability in Google Chrome before 19.0.1084.52 allows remote attackers to execute arbitrary code via vectors related to the browser cache. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3108 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15095 | |||
Oval ID: | oval:org.mitre.oval:def:15095 | ||
Title: | Google V8, as used in Google Chrome before 19.0.1084.52, does not properly perform garbage collection | ||
Description: | Google V8, as used in Google Chrome before 19.0.1084.52, does not properly perform garbage collection, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3103 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15409 | |||
Oval ID: | oval:org.mitre.oval:def:15409 | ||
Title: | Google Chrome before 19.0.1084.52 does not properly implement JavaScript bindings for plug-ins | ||
Description: | Google Chrome before 19.0.1084.52 does not properly implement JavaScript bindings for plug-ins, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3107 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15433 | |||
Oval ID: | oval:org.mitre.oval:def:15433 | ||
Title: | Vulnerability in Google V8, as used in Google Chrome before 19.0.1084.52 via vectors that trigger "type corruption" | ||
Description: | Google V8, as used in Google Chrome before 19.0.1084.52, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger "type corruption." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3115 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15470 | |||
Oval ID: | oval:org.mitre.oval:def:15470 | ||
Title: | The WebSockets implementation in Google Chrome before 19.0.1084.52 does not properly handle use of SSL | ||
Description: | The WebSockets implementation in Google Chrome before 19.0.1084.52 does not properly handle use of SSL, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3106 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15471 | |||
Oval ID: | oval:org.mitre.oval:def:15471 | ||
Title: | Vulnerability in Skia, as used in Google Chrome before 19.0.1084.52 | ||
Description: | Skia, as used in Google Chrome before 19.0.1084.52, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3104 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15535 | |||
Oval ID: | oval:org.mitre.oval:def:15535 | ||
Title: | Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 19.0.1084.52 via vectors related to the :first-letter pseudo-element | ||
Description: | Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 19.0.1084.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3105 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15549 | |||
Oval ID: | oval:org.mitre.oval:def:15549 | ||
Title: | Vulnerability in Google V8, as used in Google Chrome before 19.0.1084.52, via unspecified vectors. | ||
Description: | Google V8, as used in Google Chrome before 19.0.1084.52, allows remote attackers to cause a denial of service (invalid read operation) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3111 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-10-01 | Name : Apple Safari Multiple Vulnerabilities - Oct 2012 (Mac OS X) File : nvt/gb_apple_safari_mult_vuln_oct12_macosx.nasl |
2012-09-17 | Name : Apple iTunes Multiple Vulnerabilities - Sep 12 (Windows) File : nvt/gb_apple_itunes_mult_vuln_sep12_win.nasl |
2012-05-31 | Name : FreeBSD Ports: chromium File : nvt/freebsd_chromium11.nasl |
2012-05-31 | Name : Gentoo Security Advisory GLSA 201205-04 (chromium v8) File : nvt/glsa_201205_04.nasl |
2012-05-25 | Name : Google Chrome Multiple Vulnerabilities(02) - May 12 (Linux) File : nvt/secpod_google_chrome_mult_vuln_may12_lin.nasl |
2012-05-25 | Name : Google Chrome Multiple Vulnerabilities(02) - May 12 (Mac OS X) File : nvt/secpod_google_chrome_mult_vuln_may12_macosx.nasl |
2012-05-25 | Name : Google Chrome Multiple Vulnerabilities(02) - May 12 (Windows) File : nvt/secpod_google_chrome_mult_vuln_may12_win.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-09-20 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : macosx_Safari6_0_1.nasl - Type : ACT_GATHER_INFO |
2012-09-13 | Name : The remote host contains a multimedia application that has multiple vulnerabi... File : itunes_10_7.nasl - Type : ACT_GATHER_INFO |
2012-09-13 | Name : The remote host contains a multimedia application that has multiple vulnerabi... File : itunes_10_7_banner.nasl - Type : ACT_GATHER_INFO |
2012-06-21 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201205-04.nasl - Type : ACT_GATHER_INFO |
2012-05-29 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_219d0bfda91511e1b51900262d5ed8ee.nasl - Type : ACT_GATHER_INFO |
2012-05-24 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_19_0_1084_52.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:37:20 |
|