Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Chromium: Multiple vulnerabilities
Informations
Name GLSA-201210-07 First vendor Publication 2012-10-21
Vendor Gentoo Last vendor Modification 2012-10-21
Severity (Vendor) Normal Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code.

Background

Chromium is an open source web browser project.

Description

Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details.

Impact

A remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, arbitrary file write, a Denial of Service condition, Cross-Site Scripting in SSL interstitial and various Universal Cross-Site Scripting attacks.

Workaround

There is no known workaround at this time.

Resolution

All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-22.0.1229.94"

References

[ 1 ] CVE-2012-2859 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2859
[ 2 ] CVE-2012-2860 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2860
[ 3 ] CVE-2012-2865 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2865
[ 4 ] CVE-2012-2866 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2866
[ 5 ] CVE-2012-2867 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2867
[ 6 ] CVE-2012-2868 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2868
[ 7 ] CVE-2012-2869 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2869
[ 8 ] CVE-2012-2872 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2872
[ 9 ] CVE-2012-2874 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2874
[ 10 ] CVE-2012-2876 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2876
[ 11 ] CVE-2012-2877 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2877
[ 12 ] CVE-2012-2878 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2878
[ 13 ] CVE-2012-2879 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2879
[ 14 ] CVE-2012-2880 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2880
[ 15 ] CVE-2012-2881 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2881
[ 16 ] CVE-2012-2882 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2882
[ 17 ] CVE-2012-2883 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2883
[ 18 ] CVE-2012-2884 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2884
[ 19 ] CVE-2012-2885 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2885
[ 20 ] CVE-2012-2886 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2886
[ 21 ] CVE-2012-2887 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2887
[ 22 ] CVE-2012-2888 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2888
[ 23 ] CVE-2012-2889 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2889
[ 24 ] CVE-2012-2891 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2891
[ 25 ] CVE-2012-2892 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2892
[ 26 ] CVE-2012-2894 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2894
[ 27 ] CVE-2012-2896 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2896
[ 28 ] CVE-2012-2900 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2900
[ 29 ] CVE-2012-5108 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5108
[ 30 ] CVE-2012-5110 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5110
[ 31 ] CVE-2012-5111 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5111
[ 32 ] CVE-2012-5112 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5112
[ 33 ] CVE-2012-5376 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5376
[ 34 ] Release Notes 21.0.1180.89

http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html
[ 35 ] Release Notes 22.0.1229.79

http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html
[ 36 ] Release Notes 22.0.1229.92

http://googlechromereleases.blogspot.com/2012/10/stable-channel-update.html
[ 37 ] Release Notes 22.0.1229.94

http://googlechromereleases.blogspot.com/2012/10/stable-channel-update_6105.html

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201210-07.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201210-07.xml

CWE : Common Weakness Enumeration

% Id Name
33 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
22 % CWE-399 Resource Management Errors
11 % CWE-362 Race Condition
11 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
7 % CWE-20 Improper Input Validation
4 % CWE-269 Improper Privilege Management
4 % CWE-200 Information Exposure
4 % CWE-189 Numeric Errors (CWE/SANS Top 25)
4 % CWE-125 Out-of-bounds Read

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:14866
 
Oval ID: oval:org.mitre.oval:def:14866
Title: Google Chrome before 21.0.1180.89 does not properly perform line breaking
Description: Google Chrome before 21.0.1180.89 does not properly perform line breaking, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2865
 Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14901
 
Oval ID: oval:org.mitre.oval:def:14901
Title: Vulnerability in the compositor in Google Chrome before 22.0.1229.92
Description: The compositor in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2012-5110
 Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14916
 
Oval ID: oval:org.mitre.oval:def:14916
Title: Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 via vectors related to the Google V8 bindings
Description: Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Google V8 bindings, aka "Universal XSS (UXSS)."
Family: windows Class: vulnerability
Reference(s): CVE-2012-2886
 Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14920
 
Oval ID: oval:org.mitre.oval:def:14920
Title: Google Chrome before 22.0.1229.79 does not properly handle plug-ins
Description: Google Chrome before 22.0.1229.79 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2881
 Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15034
 
Oval ID: oval:org.mitre.oval:def:15034
Title: Buffer overflow in the SSE2 optimization functionality in Google Chrome before 22.0.1229.79
Description: Buffer overflow in the SSE2 optimization functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2876
 Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15130
 
Oval ID: oval:org.mitre.oval:def:15130
Title: The SPDY implementation in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service (application crash) via unspecified vectors
Description: The SPDY implementation in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2867
 Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15156
 
Oval ID: oval:org.mitre.oval:def:15156
Title: Vulnerability in the Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94
Description: The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging access to a renderer process, a different vulnerability than CVE-2012-5112.
Family: windows Class: vulnerability
Reference(s): CVE-2012-5376
 Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15484
 
Oval ID: oval:org.mitre.oval:def:15484
Title: The IPC implementation in Google Chrome before 22.0.1229.79 allows attackers to obtain potentially sensitive information about memory addresses via unspecified vectors
Description: The IPC implementation in Google Chrome before 22.0.1229.79 allows attackers to obtain potentially sensitive information about memory addresses via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2891
 Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15507
 
Oval ID: oval:org.mitre.oval:def:15507
Title: Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors
Description: Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2884
 Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15517
 
Oval ID: oval:org.mitre.oval:def:15517
Title: Google Chrome before 22.0.1229.92 does not monitor for crashes of Pepper plug-ins
Description: Google Chrome before 22.0.1229.92 does not monitor for crashes of Pepper plug-ins, which has unspecified impact and remote attack vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2012-5111
 Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15523
 
Oval ID: oval:org.mitre.oval:def:15523
Title: Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94
Description: Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2012-5112
 Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15561
 
Oval ID: oval:org.mitre.oval:def:15561
Title: Double free vulnerability in Google Chrome before 22.0.1229.79 via vectors related to application exit
Description: Double free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to application exit.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2885
 Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15609
 
Oval ID: oval:org.mitre.oval:def:15609
Title: Google Chrome before 21.0.1180.89 does not properly perform a cast of an unspecified variable during handling of run-in elements
Description: Google Chrome before 21.0.1180.89 does not properly perform a cast of an unspecified variable during handling of run-in elements, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2866
 Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15612
 
Oval ID: oval:org.mitre.oval:def:15612
Title: Use-after-free vulnerability in Google Chrome before 22.0.1229.79 via vectors involving SVG text references.
Description: Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG text references.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2888
 Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15634
 
Oval ID: oval:org.mitre.oval:def:15634
Title: Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service (DOM topology corruption) via a crafted document
Description: Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service (DOM topology corruption) via a crafted document.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2879
 Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15651
 
Oval ID: oval:org.mitre.oval:def:15651
Title: Race condition in Google Chrome before 22.0.1229.92
Description: Race condition in Google Chrome before 22.0.1229.92 allows remote attackers to execute arbitrary code via vectors related to audio devices.
Family: windows Class: vulnerability
Reference(s): CVE-2012-5108
 Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15688
 
Oval ID: oval:org.mitre.oval:def:15688
Title: FFmpeg, as used in Google Chrome before 22.0.1229.79, does not properly handle OGG containers
Description: FFmpeg, as used in Google Chrome before 22.0.1229.79, does not properly handle OGG containers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "wild pointer" issue.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2882
 Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15709
 
Oval ID: oval:org.mitre.oval:def:15709
Title: The date-picker implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site
Description: The date-picker implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2860
 Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15710
 
Oval ID: oval:org.mitre.oval:def:15710
Title: Google Chrome before 21.0.1180.89 does not properly load URLs
Description: Google Chrome before 21.0.1180.89 does not properly load URLs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a "stale buffer."
Family: windows Class: vulnerability
Reference(s): CVE-2012-2869
 Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15725
 
Oval ID: oval:org.mitre.oval:def:15725
Title: Skia, as used in Google Chrome before 22.0.1229.92, does not properly render text
Description: Skia, as used in Google Chrome before 22.0.1229.92, does not properly render text, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2900
 Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15772
 
Oval ID: oval:org.mitre.oval:def:15772
Title: Vulnerability in Skia, as used in Google Chrome before 22.0.1229.79, via vectors that trigger an out-of-bounds write operation
Description: Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation, a different vulnerability than CVE-2012-2874.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2883
 Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15776
 
Oval ID: oval:org.mitre.oval:def:15776
Title: Race condition in Google Chrome before 22.0.1229.79 via vectors related to the plug-in paint buffer
Description: Race condition in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the plug-in paint buffer.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2880
 Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15783
 
Oval ID: oval:org.mitre.oval:def:15783
Title: Use-after-free vulnerability in Google Chrome before 22.0.1229.79 via vectors related to plug-in handling
Description: Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to plug-in handling.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2878
 Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15797
 
Oval ID: oval:org.mitre.oval:def:15797
Title: Use-after-free vulnerability in Google Chrome before 22.0.1229.79 via vectors involving onclick events
Description: Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving onclick events.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2887
 Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15807
 
Oval ID: oval:org.mitre.oval:def:15807
Title: Unspecified vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to bypass the pop-up blocker via unknown vectors
Description: Unspecified vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to bypass the pop-up blocker via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2892
 Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15829
 
Oval ID: oval:org.mitre.oval:def:15829
Title: Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 via vectors involving frames
Description: Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors involving frames, aka "Universal XSS (UXSS)."
Family: windows Class: vulnerability
Reference(s): CVE-2012-2889
 Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15842
 
Oval ID: oval:org.mitre.oval:def:15842
Title: Race condition in Google Chrome before 21.0.1180.89 via vectors involving improper interaction between worker processes and an XMLHttpRequest (aka XHR) object
Description: Race condition in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving improper interaction between worker processes and an XMLHttpRequest (aka XHR) object.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2868
 Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15853
 
Oval ID: oval:org.mitre.oval:def:15853
Title: Cross-site scripting (XSS) vulnerability in an SSL interstitial page in Google Chrome before 21.0.1180.89
Description: Cross-site scripting (XSS) vulnerability in an SSL interstitial page in Google Chrome before 21.0.1180.89 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2872
 Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15855
 
Oval ID: oval:org.mitre.oval:def:15855
Title: Google Chrome before 22.0.1229.79 does not properly handle graphics-context data structures
Description: Google Chrome before 22.0.1229.79 does not properly handle graphics-context data structures, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2894
 Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15856
 
Oval ID: oval:org.mitre.oval:def:15856
Title: Vulnerability in Skia, as used in Google Chrome before 22.0.1229.79, via vectors that trigger an out-of-bounds write operation, a different vulnerability than CVE-2012-2883.
Description: Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation, a different vulnerability than CVE-2012-2883.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2874
 Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15857
 
Oval ID: oval:org.mitre.oval:def:15857
Title: The extension system in Google Chrome before 22.0.1229.79 does not properly handle modal dialogs
Description: The extension system in Google Chrome before 22.0.1229.79 does not properly handle modal dialogs, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2012-2877
 Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24451
 
Oval ID: oval:org.mitre.oval:def:24451
Title: WebKit vulnerability in Apple Safari, this issue was addressed through improved memory handling (CVE-2012-5112)
Description: Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2012-5112
 Version: 4
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
 Product(s): Apple Safari
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2492
Os 125
Os 105
Os 2

OpenVAS Exploits

Date Description
2012-12-13 Name : SuSE Update for chromium openSUSE-SU-2012:1215-1 (chromium)
File : nvt/gb_suse_2012_1215_1.nasl
2012-12-13 Name : SuSE Update for update openSUSE-SU-2012:1376-1 (update)
File : nvt/gb_suse_2012_1376_1.nasl
2012-11-02 Name : Apple Safari Multiple Vulnerabilities (APPLE-SA-2012-09-19-3)
File : nvt/gb_apple_safari_mult_vuln_nov12_macosx.nasl
2012-10-22 Name : Gentoo Security Advisory GLSA 201210-07 (chromium)
File : nvt/glsa_201210_07.nasl
2012-10-15 Name : Google Chrome Multiple Vulnerabilities-02 Oct12 (Mac OS X)
File : nvt/gb_google_chrome_mult_vuln02_oct12_macosx.nasl
2012-10-15 Name : Google Chrome Multiple Vulnerabilities-02 Oct12 (Windows)
File : nvt/gb_google_chrome_mult_vuln02_oct12_win.nasl
2012-10-15 Name : Google Chrome Multiple Vulnerabilities-02 Oct12 (Linux)
File : nvt/gb_google_chrome_mult_vuln02_oct12_lin.nasl
2012-10-15 Name : Google Chrome Multiple Vulnerabilities-01 Oct12 (Windows)
File : nvt/gb_google_chrome_mult_vuln01_oct12_win.nasl
2012-10-15 Name : Google Chrome Multiple Vulnerabilities-01 Oct12 (Mac OS X)
File : nvt/gb_google_chrome_mult_vuln01_oct12_macosx.nasl
2012-10-15 Name : Google Chrome Multiple Vulnerabilities-01 Oct12 (Linux)
File : nvt/gb_google_chrome_mult_vuln01_oct12_lin.nasl
2012-10-13 Name : FreeBSD Ports: chromium
File : nvt/freebsd_chromium21.nasl
2012-10-13 Name : FreeBSD Ports: chromium
File : nvt/freebsd_chromium20.nasl
2012-10-03 Name : FreeBSD Ports: chromium
File : nvt/freebsd_chromium19.nasl
2012-09-28 Name : Google Chrome Multiple Vulnerabilities - Sep12 (Linux-01)
File : nvt/gb_google_chrome_mult_vuln_sep12_lin01.nasl
2012-09-28 Name : Google Chrome Multiple Vulnerabilities - Sep12 (Mac OS X-01)
File : nvt/gb_google_chrome_mult_vuln_sep12_macosx01.nasl
2012-09-28 Name : Google Chrome Multiple Vulnerabilities - Sep12 (Windows-01)
File : nvt/gb_google_chrome_mult_vuln_sep12_win01.nasl
2012-09-03 Name : Google Chrome Multiple Vulnerabilities - Sep12 (Linux)
File : nvt/gb_google_chrome_mult_vuln_sep12_lin.nasl
2012-09-03 Name : Google Chrome Multiple Vulnerabilities - Sep12 (Mac OS X)
File : nvt/gb_google_chrome_mult_vuln_sep12_macosx.nasl
2012-09-03 Name : Google Chrome Multiple Vulnerabilities - Sep12 (Windows)
File : nvt/gb_google_chrome_mult_vuln_sep12_win.nasl
2012-08-30 Name : FreeBSD Ports: chromium
File : nvt/freebsd_chromium18.nasl
2012-08-30 Name : Gentoo Security Advisory GLSA 201208-03 (chromium)
File : nvt/glsa_201208_03.nasl
2012-08-10 Name : FreeBSD Ports: chromium
File : nvt/freebsd_chromium15.nasl
2012-08-09 Name : Google Chrome Multiple Vulnerabilities - August 12 (Linux)
File : nvt/gb_google_chrome_mult_vuln_aug12_lin.nasl
2012-08-08 Name : Google Chrome Multiple Vulnerabilities - August 12 (Windows)
File : nvt/gb_google_chrome_mult_vuln_aug12_win.nasl
2012-08-08 Name : Google Chrome Multiple Vulnerabilities - August 12 (Mac OS X)
File : nvt/gb_google_chrome_mult_vuln_aug12_macosx.nasl

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-721.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-619.nasl - Type : ACT_GATHER_INFO
2013-05-17 Name : The remote host contains a multimedia application that has multiple vulnerabi...
File : itunes_11_0_3_banner.nasl - Type : ACT_GATHER_INFO
2013-05-17 Name : The remote host contains an application that has multiple vulnerabilities.
File : itunes_11_0_3.nasl - Type : ACT_GATHER_INFO
2013-03-15 Name : The remote host contains a web browser that is affected by several vulnerabil...
File : macosx_Safari6_0_3.nasl - Type : ACT_GATHER_INFO
2013-01-14 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2012-20125.nasl - Type : ACT_GATHER_INFO
2012-11-02 Name : The remote host contains a web browser that is affected by several vulnerabil...
File : macosx_Safari6_0_2.nasl - Type : ACT_GATHER_INFO
2012-10-22 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201210-07.nasl - Type : ACT_GATHER_INFO
2012-10-12 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_22_0_1229_94.nasl - Type : ACT_GATHER_INFO
2012-10-12 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_22_0_1229_92.nasl - Type : ACT_GATHER_INFO
2012-10-11 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_09e83f7f132611e2afe300262d5ed8ee.nasl - Type : ACT_GATHER_INFO
2012-10-09 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_e6161b65118711e2afe300262d5ed8ee.nasl - Type : ACT_GATHER_INFO
2012-09-27 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_5bae2ab4082011e2be5f00262d5ed8ee.nasl - Type : ACT_GATHER_INFO
2012-09-26 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_22_0_1229_79.nasl - Type : ACT_GATHER_INFO
2012-09-04 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_21_0_1180_89.nasl - Type : ACT_GATHER_INFO
2012-08-31 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_ee68923df2f511e1801400262d5ed8ee.nasl - Type : ACT_GATHER_INFO
2012-08-15 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201208-03.nasl - Type : ACT_GATHER_INFO
2012-08-13 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_ce84e136e2f611e1a8ca00262d5ed8ee.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_21_0_1180_60.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:37:38
  • Multiple Updates