Google Chrome Multiple Vulnerabilities
Last Update Date: 4 Aug 2011 09:57
Release Date: 4 Aug 2011
RISK: High Risk
TYPE: Clients - Browsers
Multiple vulnerabilities have been identified in Google Chrome, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, and compromise a user's system.
- An unspecified error exists when confirming an extension install via a browser dialog.
- An unspecified error can be exploited to disclose the local file path via the GL program log, cause an out-of-bounds write and read, and lead to a cross-frame function leak, internal schemes being web accessible, a client-side redirect target being leaked, a crash when handling nested functions within a PDF file, cross-origin script injection, and a cross-origin violation in base URI handling.
- An error in rendering due to bad line box tracking can lead to a stale pointer.
- The application does not prompt when downloading dangerous files.
- An error exists within file permissions when handling drag and drop events.
- Installing a developer mode NPAPI extension does not confirm the install via a browser dialog.
- An input sanitisation error exists when handling the homepage URL in extensions.
- The application does not verify that the speech input bubble is on-screen.
- An error due to a re-entrancy issue in the GPU lock can be exploited to cause a crash.
- An error within inspector serialization can be exploited to cause a buffer overflow.
- A use-after-free error exists within Pepper plug-in instantiation, float removal, media selectors, Skia, resource caching, HTML range handling, the frame loader, display box rendering, and when handling floating styles.
- An error exists within V8 when handling const lookups.
Impact
- Remote Code Execution
- Security Restriction Bypass
- Information Disclosure
System / Technologies affected
- Google Chrome 12.x
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- Upgrade to version 13.0.782.107.
Vulnerability Identifier
- CVE-2011-2358
- CVE-2011-2359
- CVE-2011-2360
- CVE-2011-2361
- CVE-2011-2782
- CVE-2011-2783
- CVE-2011-2784
- CVE-2011-2785
- CVE-2011-2786
- CVE-2011-2787
- CVE-2011-2788
- CVE-2011-2789
- CVE-2011-2790
- CVE-2011-2791
- CVE-2011-2792
- CVE-2011-2793
- CVE-2011-2794
- CVE-2011-2795
- CVE-2011-2796
- CVE-2011-2797
- CVE-2011-2798
- CVE-2011-2799
- CVE-2011-2800
- CVE-2011-2801
- CVE-2011-2802
- CVE-2011-2803
- CVE-2011-2804
- CVE-2011-2805
- CVE-2011-2818
- CVE-2011-2819