Executive Summary
Summary | |
---|---|
Title | Chromium: Multiple vulnerabilities |
Informations | |||
---|---|---|---|
Name | GLSA-201210-07 | First vendor Publication | 2012-10-21 |
Vendor | Gentoo | Last vendor Modification | 2012-10-21 |
Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code. Background Description Impact Workaround Resolution References http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html http://googlechromereleases.blogspot.com/2012/10/stable-channel-update.html http://googlechromereleases.blogspot.com/2012/10/stable-channel-update_6105.html Availability http://security.gentoo.org/glsa/glsa-201210-07.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-201210-07.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
22 % | CWE-399 | Resource Management Errors |
11 % | CWE-362 | Race Condition |
11 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
7 % | CWE-20 | Improper Input Validation |
4 % | CWE-269 | Improper Privilege Management |
4 % | CWE-200 | Information Exposure |
4 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
4 % | CWE-125 | Out-of-bounds Read |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:14866 | |||
Oval ID: | oval:org.mitre.oval:def:14866 | ||
Title: | Google Chrome before 21.0.1180.89 does not properly perform line breaking | ||
Description: | Google Chrome before 21.0.1180.89 does not properly perform line breaking, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-2865 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:14901 | |||
Oval ID: | oval:org.mitre.oval:def:14901 | ||
Title: | Vulnerability in the compositor in Google Chrome before 22.0.1229.92 | ||
Description: | The compositor in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-5110 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:14916 | |||
Oval ID: | oval:org.mitre.oval:def:14916 | ||
Title: | Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 via vectors related to the Google V8 bindings | ||
Description: | Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Google V8 bindings, aka "Universal XSS (UXSS)." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-2886 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:14920 | |||
Oval ID: | oval:org.mitre.oval:def:14920 | ||
Title: | Google Chrome before 22.0.1229.79 does not properly handle plug-ins | ||
Description: | Google Chrome before 22.0.1229.79 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-2881 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15034 | |||
Oval ID: | oval:org.mitre.oval:def:15034 | ||
Title: | Buffer overflow in the SSE2 optimization functionality in Google Chrome before 22.0.1229.79 | ||
Description: | Buffer overflow in the SSE2 optimization functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-2876 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15130 | |||
Oval ID: | oval:org.mitre.oval:def:15130 | ||
Title: | The SPDY implementation in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service (application crash) via unspecified vectors | ||
Description: | The SPDY implementation in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-2867 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15156 | |||
Oval ID: | oval:org.mitre.oval:def:15156 | ||
Title: | Vulnerability in the Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 | ||
Description: | The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging access to a renderer process, a different vulnerability than CVE-2012-5112. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-5376 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15484 | |||
Oval ID: | oval:org.mitre.oval:def:15484 | ||
Title: | The IPC implementation in Google Chrome before 22.0.1229.79 allows attackers to obtain potentially sensitive information about memory addresses via unspecified vectors | ||
Description: | The IPC implementation in Google Chrome before 22.0.1229.79 allows attackers to obtain potentially sensitive information about memory addresses via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-2891 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15507 | |||
Oval ID: | oval:org.mitre.oval:def:15507 | ||
Title: | Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors | ||
Description: | Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-2884 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15517 | |||
Oval ID: | oval:org.mitre.oval:def:15517 | ||
Title: | Google Chrome before 22.0.1229.92 does not monitor for crashes of Pepper plug-ins | ||
Description: | Google Chrome before 22.0.1229.92 does not monitor for crashes of Pepper plug-ins, which has unspecified impact and remote attack vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-5111 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15523 | |||
Oval ID: | oval:org.mitre.oval:def:15523 | ||
Title: | Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94 | ||
Description: | Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-5112 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15561 | |||
Oval ID: | oval:org.mitre.oval:def:15561 | ||
Title: | Double free vulnerability in Google Chrome before 22.0.1229.79 via vectors related to application exit | ||
Description: | Double free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to application exit. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-2885 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15609 | |||
Oval ID: | oval:org.mitre.oval:def:15609 | ||
Title: | Google Chrome before 21.0.1180.89 does not properly perform a cast of an unspecified variable during handling of run-in elements | ||
Description: | Google Chrome before 21.0.1180.89 does not properly perform a cast of an unspecified variable during handling of run-in elements, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-2866 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15612 | |||
Oval ID: | oval:org.mitre.oval:def:15612 | ||
Title: | Use-after-free vulnerability in Google Chrome before 22.0.1229.79 via vectors involving SVG text references. | ||
Description: | Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG text references. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-2888 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15634 | |||
Oval ID: | oval:org.mitre.oval:def:15634 | ||
Title: | Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service (DOM topology corruption) via a crafted document | ||
Description: | Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service (DOM topology corruption) via a crafted document. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-2879 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15651 | |||
Oval ID: | oval:org.mitre.oval:def:15651 | ||
Title: | Race condition in Google Chrome before 22.0.1229.92 | ||
Description: | Race condition in Google Chrome before 22.0.1229.92 allows remote attackers to execute arbitrary code via vectors related to audio devices. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-5108 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15688 | |||
Oval ID: | oval:org.mitre.oval:def:15688 | ||
Title: | FFmpeg, as used in Google Chrome before 22.0.1229.79, does not properly handle OGG containers | ||
Description: | FFmpeg, as used in Google Chrome before 22.0.1229.79, does not properly handle OGG containers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "wild pointer" issue. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-2882 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15709 | |||
Oval ID: | oval:org.mitre.oval:def:15709 | ||
Title: | The date-picker implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site | ||
Description: | The date-picker implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-2860 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15710 | |||
Oval ID: | oval:org.mitre.oval:def:15710 | ||
Title: | Google Chrome before 21.0.1180.89 does not properly load URLs | ||
Description: | Google Chrome before 21.0.1180.89 does not properly load URLs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a "stale buffer." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-2869 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15725 | |||
Oval ID: | oval:org.mitre.oval:def:15725 | ||
Title: | Skia, as used in Google Chrome before 22.0.1229.92, does not properly render text | ||
Description: | Skia, as used in Google Chrome before 22.0.1229.92, does not properly render text, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-2900 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15772 | |||
Oval ID: | oval:org.mitre.oval:def:15772 | ||
Title: | Vulnerability in Skia, as used in Google Chrome before 22.0.1229.79, via vectors that trigger an out-of-bounds write operation | ||
Description: | Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation, a different vulnerability than CVE-2012-2874. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-2883 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15776 | |||
Oval ID: | oval:org.mitre.oval:def:15776 | ||
Title: | Race condition in Google Chrome before 22.0.1229.79 via vectors related to the plug-in paint buffer | ||
Description: | Race condition in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the plug-in paint buffer. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-2880 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15783 | |||
Oval ID: | oval:org.mitre.oval:def:15783 | ||
Title: | Use-after-free vulnerability in Google Chrome before 22.0.1229.79 via vectors related to plug-in handling | ||
Description: | Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to plug-in handling. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-2878 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15797 | |||
Oval ID: | oval:org.mitre.oval:def:15797 | ||
Title: | Use-after-free vulnerability in Google Chrome before 22.0.1229.79 via vectors involving onclick events | ||
Description: | Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving onclick events. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-2887 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15807 | |||
Oval ID: | oval:org.mitre.oval:def:15807 | ||
Title: | Unspecified vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to bypass the pop-up blocker via unknown vectors | ||
Description: | Unspecified vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to bypass the pop-up blocker via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-2892 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15829 | |||
Oval ID: | oval:org.mitre.oval:def:15829 | ||
Title: | Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 via vectors involving frames | ||
Description: | Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors involving frames, aka "Universal XSS (UXSS)." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-2889 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15842 | |||
Oval ID: | oval:org.mitre.oval:def:15842 | ||
Title: | Race condition in Google Chrome before 21.0.1180.89 via vectors involving improper interaction between worker processes and an XMLHttpRequest (aka XHR) object | ||
Description: | Race condition in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving improper interaction between worker processes and an XMLHttpRequest (aka XHR) object. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-2868 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15853 | |||
Oval ID: | oval:org.mitre.oval:def:15853 | ||
Title: | Cross-site scripting (XSS) vulnerability in an SSL interstitial page in Google Chrome before 21.0.1180.89 | ||
Description: | Cross-site scripting (XSS) vulnerability in an SSL interstitial page in Google Chrome before 21.0.1180.89 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-2872 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15855 | |||
Oval ID: | oval:org.mitre.oval:def:15855 | ||
Title: | Google Chrome before 22.0.1229.79 does not properly handle graphics-context data structures | ||
Description: | Google Chrome before 22.0.1229.79 does not properly handle graphics-context data structures, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-2894 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15856 | |||
Oval ID: | oval:org.mitre.oval:def:15856 | ||
Title: | Vulnerability in Skia, as used in Google Chrome before 22.0.1229.79, via vectors that trigger an out-of-bounds write operation, a different vulnerability than CVE-2012-2883. | ||
Description: | Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation, a different vulnerability than CVE-2012-2883. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-2874 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15857 | |||
Oval ID: | oval:org.mitre.oval:def:15857 | ||
Title: | The extension system in Google Chrome before 22.0.1229.79 does not properly handle modal dialogs | ||
Description: | The extension system in Google Chrome before 22.0.1229.79 does not properly handle modal dialogs, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-2877 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:24451 | |||
Oval ID: | oval:org.mitre.oval:def:24451 | ||
Title: | WebKit vulnerability in Apple Safari, this issue was addressed through improved memory handling (CVE-2012-5112) | ||
Description: | Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-5112 | Version: | 4 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Apple Safari |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-12-13 | Name : SuSE Update for chromium openSUSE-SU-2012:1215-1 (chromium) File : nvt/gb_suse_2012_1215_1.nasl |
2012-12-13 | Name : SuSE Update for update openSUSE-SU-2012:1376-1 (update) File : nvt/gb_suse_2012_1376_1.nasl |
2012-11-02 | Name : Apple Safari Multiple Vulnerabilities (APPLE-SA-2012-09-19-3) File : nvt/gb_apple_safari_mult_vuln_nov12_macosx.nasl |
2012-10-22 | Name : Gentoo Security Advisory GLSA 201210-07 (chromium) File : nvt/glsa_201210_07.nasl |
2012-10-15 | Name : Google Chrome Multiple Vulnerabilities-02 Oct12 (Mac OS X) File : nvt/gb_google_chrome_mult_vuln02_oct12_macosx.nasl |
2012-10-15 | Name : Google Chrome Multiple Vulnerabilities-02 Oct12 (Windows) File : nvt/gb_google_chrome_mult_vuln02_oct12_win.nasl |
2012-10-15 | Name : Google Chrome Multiple Vulnerabilities-02 Oct12 (Linux) File : nvt/gb_google_chrome_mult_vuln02_oct12_lin.nasl |
2012-10-15 | Name : Google Chrome Multiple Vulnerabilities-01 Oct12 (Windows) File : nvt/gb_google_chrome_mult_vuln01_oct12_win.nasl |
2012-10-15 | Name : Google Chrome Multiple Vulnerabilities-01 Oct12 (Mac OS X) File : nvt/gb_google_chrome_mult_vuln01_oct12_macosx.nasl |
2012-10-15 | Name : Google Chrome Multiple Vulnerabilities-01 Oct12 (Linux) File : nvt/gb_google_chrome_mult_vuln01_oct12_lin.nasl |
2012-10-13 | Name : FreeBSD Ports: chromium File : nvt/freebsd_chromium21.nasl |
2012-10-13 | Name : FreeBSD Ports: chromium File : nvt/freebsd_chromium20.nasl |
2012-10-03 | Name : FreeBSD Ports: chromium File : nvt/freebsd_chromium19.nasl |
2012-09-28 | Name : Google Chrome Multiple Vulnerabilities - Sep12 (Linux-01) File : nvt/gb_google_chrome_mult_vuln_sep12_lin01.nasl |
2012-09-28 | Name : Google Chrome Multiple Vulnerabilities - Sep12 (Mac OS X-01) File : nvt/gb_google_chrome_mult_vuln_sep12_macosx01.nasl |
2012-09-28 | Name : Google Chrome Multiple Vulnerabilities - Sep12 (Windows-01) File : nvt/gb_google_chrome_mult_vuln_sep12_win01.nasl |
2012-09-03 | Name : Google Chrome Multiple Vulnerabilities - Sep12 (Linux) File : nvt/gb_google_chrome_mult_vuln_sep12_lin.nasl |
2012-09-03 | Name : Google Chrome Multiple Vulnerabilities - Sep12 (Mac OS X) File : nvt/gb_google_chrome_mult_vuln_sep12_macosx.nasl |
2012-09-03 | Name : Google Chrome Multiple Vulnerabilities - Sep12 (Windows) File : nvt/gb_google_chrome_mult_vuln_sep12_win.nasl |
2012-08-30 | Name : FreeBSD Ports: chromium File : nvt/freebsd_chromium18.nasl |
2012-08-30 | Name : Gentoo Security Advisory GLSA 201208-03 (chromium) File : nvt/glsa_201208_03.nasl |
2012-08-10 | Name : FreeBSD Ports: chromium File : nvt/freebsd_chromium15.nasl |
2012-08-09 | Name : Google Chrome Multiple Vulnerabilities - August 12 (Linux) File : nvt/gb_google_chrome_mult_vuln_aug12_lin.nasl |
2012-08-08 | Name : Google Chrome Multiple Vulnerabilities - August 12 (Windows) File : nvt/gb_google_chrome_mult_vuln_aug12_win.nasl |
2012-08-08 | Name : Google Chrome Multiple Vulnerabilities - August 12 (Mac OS X) File : nvt/gb_google_chrome_mult_vuln_aug12_macosx.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-721.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-619.nasl - Type : ACT_GATHER_INFO |
2013-05-17 | Name : The remote host contains a multimedia application that has multiple vulnerabi... File : itunes_11_0_3_banner.nasl - Type : ACT_GATHER_INFO |
2013-05-17 | Name : The remote host contains an application that has multiple vulnerabilities. File : itunes_11_0_3.nasl - Type : ACT_GATHER_INFO |
2013-03-15 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : macosx_Safari6_0_3.nasl - Type : ACT_GATHER_INFO |
2013-01-14 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2012-20125.nasl - Type : ACT_GATHER_INFO |
2012-11-02 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : macosx_Safari6_0_2.nasl - Type : ACT_GATHER_INFO |
2012-10-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201210-07.nasl - Type : ACT_GATHER_INFO |
2012-10-12 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_22_0_1229_94.nasl - Type : ACT_GATHER_INFO |
2012-10-12 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_22_0_1229_92.nasl - Type : ACT_GATHER_INFO |
2012-10-11 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_09e83f7f132611e2afe300262d5ed8ee.nasl - Type : ACT_GATHER_INFO |
2012-10-09 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_e6161b65118711e2afe300262d5ed8ee.nasl - Type : ACT_GATHER_INFO |
2012-09-27 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_5bae2ab4082011e2be5f00262d5ed8ee.nasl - Type : ACT_GATHER_INFO |
2012-09-26 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_22_0_1229_79.nasl - Type : ACT_GATHER_INFO |
2012-09-04 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_21_0_1180_89.nasl - Type : ACT_GATHER_INFO |
2012-08-31 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_ee68923df2f511e1801400262d5ed8ee.nasl - Type : ACT_GATHER_INFO |
2012-08-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201208-03.nasl - Type : ACT_GATHER_INFO |
2012-08-13 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_ce84e136e2f611e1a8ca00262d5ed8ee.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_21_0_1180_60.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:37:38 |
|