Google Chrome Multiple Vulnerabilities
RISK: High Risk
TYPE: Clients - Browsers
Multiple vulnerabilities have been identified in Google Chrome, which could be exploited by remote attackers to bypass security restrictions, disclose sensitive information, conduct spoofing attacks, and compromise a vulnerable system.
An unspecified error related to a stale pointer exists within the handling of floating objects.
A linked-list race condition exists within the database handling.
Note: This vulnerability only affects the Linux and Mac versions.
The MIME handling does not properly ensure thread safety.
An extension with "tabs" permission can gain access to local files.
An integer overflow error exists within the float rendering.
An error related to blobs can be exploited to violate the same origin policy.
An unspecified error can be exploited to cause an interference between renderer processes.
Note: This vulnerability only affects the Linux version.
A use-after-free error exists within the handling of "<ruby>" tags and CSS.
A casting error exists within the handling of floating select lists.
An error related to mutation events can be exploited to corrupt node trees.
An unspecified error related to stale pointers exists in the layering code.
A race condition error exists within the sandbox launcher.
Note: This vulnerability only affects the Linux version.
Interrupted loads and navigation errors can be leveraged to spoof the URL bar.
An unspecified error related to a stale pointer exists within the handling of drop-down lists.
An unspecified error related to a stale pointer exists within the height calculations.
A use-after-free error exists within the handling of WebSockets.
An error related to dangling pointers exists within the handling of file dialogs.
An error related to dangling pointers exists within the handling of DOM id maps.
Redirects and manual reloads can be exploited to spoof the URL bar.
A use-after-free error exists within the handling of DOM ids.
An error related to stale pointers exists within the handling of PDF forms.
Impact
- Remote Code Execution
- Security Restriction Bypass
- Information Disclosure
- Spoofing
System / Technologies affected
- Google Chrome 10.x
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- Upgrade to version 11.0.696.57.
Vulnerability Identifier
- CVE-2010-4422
- CVE-2010-4447
- CVE-2010-4448
- CVE-2010-4450
- CVE-2010-4454
- CVE-2010-4462
- CVE-2010-4463
- CVE-2010-4465
- CVE-2010-4467
- CVE-2010-4468
- CVE-2010-4469
- CVE-2010-4470
- CVE-2010-4471
- CVE-2010-4472
- CVE-2010-4473
- CVE-2010-4476
- CVE-2011-1303
- CVE-2011-1304
- CVE-2011-1305
- CVE-2011-1434
- CVE-2011-1435
- CVE-2011-1436
- CVE-2011-1437
- CVE-2011-1438
- CVE-2011-1439
- CVE-2011-1440
- CVE-2011-1441
- CVE-2011-1442
- CVE-2011-1443
- CVE-2011-1444
- CVE-2011-1445
- CVE-2011-1446
- CVE-2011-1447
- CVE-2011-1448
- CVE-2011-1449
- CVE-2011-1450
- CVE-2011-1451
- CVE-2011-1452
- CVE-2011-1454
- CVE-2011-1455
- CVE-2011-1456