Google Chrome Multiple Vulnerabilities
Last Update Date:
20 Sep 2011 11:48
Release Date:
20 Sep 2011
6250
Views
RISK: High Risk
TYPE: Clients - Browsers
Multiple vulnerabilities have been identified in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to conduct spoofing and cross-site scripting attacks, disclose sensitive information, bypass certain security restrictions, and compromise a user's system.
- A race condition exists within the certificate cache.
- An error within the Windows Media Player plugin can lead to unintended access to system Flash.
- An error exists within the v8 script object wrappers.
- An unspecified error can be exploited to display arbitrary content while showing the URL of a trusted web site in the address bar.
- An error exists within the garbage collection component of the PDF plugin.
- The security issue is caused due to the Mac installer creating lock files in an insecure manner. NOTE: This only affects the Mac version.
- An error within media buffers, box handling, the handling of Khmer and Tibetan characters, video handling and triangle arrays handling can be exploited to cause an out-of-bounds read.
- A use-after-free error exists within unload event handling, the document loader, the plug-in handler, ruby and table style handing, the focus controller and table style handling.
- An unspecified error when handling the forward button can be exploited to display arbitrary content while showing the URL of a trusted web site in the address bar.
- An off-by-one error exists within v8.
- An error within stylesheet handling can lead to a stale node.
- An unspecified error within v8 can be exploited to violate the cross-origin policy.
- A double free error exists within the handling of libxml XPath.
- An unspecified error can lead to incorrect permissions being assigned to non-gallery pages.
- An error within the PDF component can lead to a bad string read.
- An unspecified error can lead to unintended access of v8 built-in objects.
- A type confusion error exists within v8 object sealing.
Impact
- Cross-Site Scripting
- Remote Code Execution
- Security Restriction Bypass
- Information Disclosure
System / Technologies affected
- Google Chrome 13.x
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Upgrade to version 14.0.835.163.
Vulnerability Identifier
- CVE-2011-2834
- CVE-2011-2835
- CVE-2011-2836
- CVE-2011-2837
- CVE-2011-2838
- CVE-2011-2839
- CVE-2011-2840
- CVE-2011-2841
- CVE-2011-2842
- CVE-2011-2843
- CVE-2011-2844
- CVE-2011-2846
- CVE-2011-2847
- CVE-2011-2848
- CVE-2011-2849
- CVE-2011-2850
- CVE-2011-2851
- CVE-2011-2852
- CVE-2011-2853
- CVE-2011-2854
- CVE-2011-2855
- CVE-2011-2856
- CVE-2011-2857
- CVE-2011-2858
- CVE-2011-2859
- CVE-2011-2860
- CVE-2011-2861
- CVE-2011-2862
- CVE-2011-2864
- CVE-2011-2874
- CVE-2011-2875
- CVE-2011-3234
Source
Related Link
Share with