Executive Summary
| Summary | |
|---|---|
| Title | chromium-browser security update |
| Informations | |||
|---|---|---|---|
| Name | DSA-2166 | First vendor Publication | 2011-02-16 |
| Vendor | Debian | Last vendor Modification | 2011-02-16 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Several vulnerabilities were discovered in the Chromium browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-0777 Use-after-free vulnerability in Google Chrome before 9.0.597.84 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to image loading CVE-2011-0778 Google Chrome before 9.0.597.84 does not properly restrict drag and drop operations, which might allow remote attackers to bypass the Same Origin Policy via unspecified vectors CVE-2011-0783 Unspecified vulnerability in Google Chrome before 9.0.597.84 allows user-assisted remote attackers to cause a denial of service (application crash) via vectors involving a "bad volume setting." CVE-2011-0983 Google Chrome before 9.0.597.94 does not properly handle anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." CVE-2011-0981 Google Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." CVE-2011-0984 Google Chrome before 9.0.597.94 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors CVE-2011-0985 Google Chrome before 9.0.597.94 does not properly perform process termination upon memory exhaustion, which has unspecified impact and remote attack vectors. For the stable distribution (squeeze), these problems have been fixed in version 6.0.472.63~r59945-5+squeeze2 For the testing distribution (wheezy), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 9.0.597.98~r74359-1 We recommend that you upgrade your chromium-browser packages. |
Original Source
| Url : http://www.debian.org/security/2011/dsa-2166 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 33 % | CWE-20 | Improper Input Validation |
| 17 % | CWE-416 | Use After Free |
| 17 % | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
| 17 % | CWE-264 | Permissions, Privileges, and Access Controls |
| 17 % | CWE-125 | Out-of-bounds Read |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:12384 | |||
| Oval ID: | oval:org.mitre.oval:def:12384 | ||
| Title: | DSA-2188-1 webkit -- several | ||
| Description: | Several vulnerabilities have been discovered in webkit, a Web content engine library for Gtk+. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-1783 WebKit does not properly handle dynamic modification of a text node, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted HTML document. CVE-2010-2901 The rendering implementation in WebKit allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. CVE-2010-4199 WebKit does not properly perform a cast of an unspecified variable during processing of an SVG use element, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SVG document. CVE-2010-4040 WebKit does not properly handle animated GIF images, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image. CVE-2010-4492 Use-after-free vulnerability in WebKit allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animations. CVE-2010-4493 Use-after-free vulnerability in Webkit allows remote attackers to cause a denial of service via vectors related to the handling of mouse dragging events CVE-2010-4577 The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit does not properly parse Cascading Style Sheets token sequences, which allows remote attackers to cause a denial of service via a crafted local font, related to "Type Confusion." CVE-2010-4578 WebKit does not properly perform cursor handling, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers." CVE-2011-0482 WebKit does not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document CVE-2011-0778 WebKit does not properly restrict drag and drop operations, which might allow remote attackers to bypass the Same Origin Policy via unspecified vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2188-1 CVE-2010-1783 CVE-2010-2901 CVE-2010-4199 CVE-2010-4040 CVE-2010-4492 CVE-2010-4493 CVE-2010-4577 CVE-2010-4578 CVE-2010-0474 CVE-2011-0482 CVE-2011-0778 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | webkit |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:12895 | |||
| Oval ID: | oval:org.mitre.oval:def:12895 | ||
| Title: | DSA-2166-1 chromium-browser -- several | ||
| Description: | Several vulnerabilities were discovered in the Chromium browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-0777 Use-after-free vulnerability in Google Chrome before 9.0.597.84 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to image loading CVE-2011-0778 Google Chrome before 9.0.597.84 does not properly restrict drag and drop operations, which might allow remote attackers to bypass the Same Origin Policy via unspecified vectors CVE-2011-0783 Unspecified vulnerability in Google Chrome before 9.0.597.84 allows user-assisted remote attackers to cause a denial of service via vectors involving a "bad volume setting." CVE-2011-0983 Google Chrome before 9.0.597.94 does not properly handle anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." CVE-2011-0981 Google Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." CVE-2011-0984 Google Chrome before 9.0.597.94 does not properly handle plug-ins, which allows remote attackers to cause a denial of service via unspecified vectors CVE-2011-0985 Google Chrome before 9.0.597.94 does not properly perform process termination upon memory exhaustion, which has unspecified impact and remote attack vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2166-1 CVE-2011-0777 CVE-2011-0778 CVE-2011-0783 CVE-2011-0983 CVE-2011-0981 CVE-2011-0984 CVE-2011-0985 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | chromium-browser |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:14173 | |||
| Oval ID: | oval:org.mitre.oval:def:14173 | ||
| Title: | USN-1195-1 -- webkit vulnerabilities | ||
| Description: | webkit: Web content engine library for GTK+ Multiple security vulnerabilities were fixed in WebKit. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1195-1 CVE-2010-1824 CVE-2010-2646 CVE-2010-2651 CVE-2010-2900 CVE-2010-2901 CVE-2010-3120 CVE-2010-3254 CVE-2010-3812 CVE-2010-3813 CVE-2010-4040 CVE-2010-4042 CVE-2010-4197 CVE-2010-4198 CVE-2010-4199 CVE-2010-4204 CVE-2010-4206 CVE-2010-4492 CVE-2010-4493 CVE-2010-4577 CVE-2010-4578 CVE-2011-0482 CVE-2011-0778 | Version: | 5 |
| Platform(s): | Ubuntu 10.10 Ubuntu 10.04 | Product(s): | webkit |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:14228 | |||
| Oval ID: | oval:org.mitre.oval:def:14228 | ||
| Title: | Google Chrome before 9.0.597.84 does not properly restrict drag and drop operations, which might allow remote attackers to bypass the Same Origin Policy via unspecified vectors. | ||
| Description: | Google Chrome before 9.0.597.84 does not properly restrict drag and drop operations, which might allow remote attackers to bypass the Same Origin Policy via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0778 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14320 | |||
| Oval ID: | oval:org.mitre.oval:def:14320 | ||
| Title: | Google Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | ||
| Description: | Google Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0981 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14506 | |||
| Oval ID: | oval:org.mitre.oval:def:14506 | ||
| Title: | Google Chrome before 9.0.597.94 does not properly perform process termination upon memory exhaustion, which has unspecified impact and remote attack vectors. | ||
| Description: | Google Chrome before 9.0.597.94 does not properly perform process termination upon memory exhaustion, which has unspecified impact and remote attack vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0985 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14514 | |||
| Oval ID: | oval:org.mitre.oval:def:14514 | ||
| Title: | Use-after-free vulnerability in Google Chrome before 9.0.597.84 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to image loading. | ||
| Description: | Use-after-free vulnerability in Google Chrome before 9.0.597.84 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to image loading. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0777 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14543 | |||
| Oval ID: | oval:org.mitre.oval:def:14543 | ||
| Title: | Google Chrome before 9.0.597.94 does not properly handle anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | ||
| Description: | Google Chrome before 9.0.597.94 does not properly handle anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0983 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14719 | |||
| Oval ID: | oval:org.mitre.oval:def:14719 | ||
| Title: | Google Chrome before 9.0.597.94 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
| Description: | Google Chrome before 9.0.597.94 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0984 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14730 | |||
| Oval ID: | oval:org.mitre.oval:def:14730 | ||
| Title: | Unspecified vulnerability in Google Chrome before 9.0.597.84 allows user-assisted remote attackers to cause a denial of service (application crash) via vectors involving a "bad volume setting." | ||
| Description: | Unspecified vulnerability in Google Chrome before 9.0.597.84 allows user-assisted remote attackers to cause a denial of service (application crash) via vectors involving a "bad volume setting." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0783 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2011-10-20 | Name : Apple iTunes Multiple Vulnerabilities - Oct 11 File : nvt/gb_apple_itunes_mult_vuln_oct11_win.nasl |
| 2011-08-27 | Name : Ubuntu Update for webkit USN-1195-1 File : nvt/gb_ubuntu_USN_1195_1.nasl |
| 2011-05-12 | Name : Debian Security Advisory DSA 2188-1 (webkit) File : nvt/deb_2188_1.nasl |
| 2011-03-07 | Name : Debian Security Advisory DSA 2166-1 (chromium-browser) File : nvt/deb_2166_1.nasl |
| 2011-03-05 | Name : FreeBSD Ports: webkit-gtk2 File : nvt/freebsd_webkit-gtk23.nasl |
| 2011-02-18 | Name : Fedora Update for webkitgtk FEDORA-2011-1224 File : nvt/gb_fedora_2011_1224_webkitgtk_fc13.nasl |
| 2011-02-17 | Name : Google Chrome Multiple Denial of Service Vulnerabilities - February 11(Linux) File : nvt/gb_google_chrome_mult_dos_vuln_feb11_lin.nasl |
| 2011-02-17 | Name : Google Chrome Multiple Denial of Service Vulnerabilities - February 11(Windows) File : nvt/gb_google_chrome_mult_dos_vuln_feb11_win.nasl |
| 2011-02-08 | Name : Google Chrome multiple vulnerabilities - February 11(Linux) File : nvt/gb_google_chrome_mult_vuln_feb11_lin.nasl |
| 2011-02-08 | Name : Google Chrome multiple vulnerabilities - February 11(Windows) File : nvt/gb_google_chrome_mult_vuln_feb11_win.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 70990 | Google Chrome Image Loading Use-after-free DoS Google Chrome contains a use-after-free flaw that may allow a remote denial of service. The issue is triggered when the program fails to properly handle image loading, and will result in loss of availability for the program. |
| 70989 | Google Chrome Drag and Drop Same Origin Policy Bypass Google Chrome contains a flaw related to the failure to properly restrict cross-origin drag and drop operations that may allow a remote attacker to bypass the Same Origin Policy. No further details have been provided. |
| 70983 | Google Chrome Volume Setting Unspecified DoS Google Chrome contains a flaw related to the volume setting that may allow a context-dependent attacker to cause a denial of service. No further details have been provided. |
| 70980 | Google Chrome Anonymous Block Handling Stale Pointer DoS Google Chrome contains a flaw that may allow a remote denial of service. The issue is triggered when the program fails to properly handle anonymous blocks, allowing a remote attacker to cause a stale pointer condition, leading to a denial of service. |
| 70979 | Google Chrome Plugin Handling Out-of-Bounds Read DoS Google Chrome contains a flaw that may allow a remote denial of service. The issue is triggered when the program fails to properly handle plug-ins, allowing a remote attacker to cause an out-of-bounds read, leading to a denial of service. |
| 70978 | Google Chrome Memory Exhaustion Process Termination Issue Google Chrome contains a flaw related to the failure to terminate processes upon memory exhaustion that may allow an attacker to have an unspecified impact. No further details have been provided. |
| 70977 | Google Chrome Animation Event Handling Stale Pointer DoS Google Chrome contains a flaw that may allow a remote denial of service. The issue is triggered when the program fails to properly perform animation event handling, leading to a stale pointer which will result in a denial of service. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libwebkit-110223.nasl - Type : ACT_GATHER_INFO |
| 2011-10-12 | Name : The remote host contains a multimedia application that has multiple vulnerabi... File : itunes_10_5.nasl - Type : ACT_GATHER_INFO |
| 2011-10-12 | Name : The remote host contains a multimedia application that has multiple vulnerabi... File : itunes_10_5_banner.nasl - Type : ACT_GATHER_INFO |
| 2011-08-24 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1195-1.nasl - Type : ACT_GATHER_INFO |
| 2011-07-21 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : macosx_Safari5_1.nasl - Type : ACT_GATHER_INFO |
| 2011-07-21 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : safari_5_1.nasl - Type : ACT_GATHER_INFO |
| 2011-06-29 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_webkit-1_2_7-update-110622.nasl - Type : ACT_GATHER_INFO |
| 2011-05-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libwebkit-110223.nasl - Type : ACT_GATHER_INFO |
| 2011-03-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2188.nasl - Type : ACT_GATHER_INFO |
| 2011-02-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2166.nasl - Type : ACT_GATHER_INFO |
| 2011-02-18 | Name : The remote Fedora host is missing a security update. File : fedora_2011-1224.nasl - Type : ACT_GATHER_INFO |
| 2011-02-11 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_35ecdcbe350111e0afcd0015f2db7bde.nasl - Type : ACT_GATHER_INFO |
| 2011-02-09 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_9_0_597_94.nasl - Type : ACT_GATHER_INFO |
| 2011-02-04 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_9_0_597_84.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:29:53 |
|
