Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1025730 |
|
SecurityTracker URL: http://securitytracker.com/id/1025730
|
|
CVE Reference:
CVE-2011-2345, CVE-2011-2346, CVE-2011-2347, CVE-2011-2348, CVE-2011-2349, CVE-2011-2350, CVE-2011-2351
(Links to External Site)
|
Date: Jun 28 2011
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 12.0.742.112
|
Description:
Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system. The code will run with the privileges of the target user.
A specially crafted NPAPI string can trigger an out-of-bounds read [CVE-2011-2345]. Philippe Arteau reported this vulnerability.
A specially crafted SVG font can trigger a use-after-free [CVE-2011-2346]. miaubiz reported this vulnerability.
Specially crafted CSS can trigger memory corruption [CVE-2011-2347]. miaubiz reported this vulnerability.
Certain lifetime and re-entrancy issues exist in the HTML parser [CVE-2011-2350]. miaubiz reported this vulnerability.
Bounds checking errors exist in the v8 JavaScript engine [CVE-2011-2348]. Aki Helin of OUSPG reported this vulnerability.
A specially crafted SVG use element can trigger a use-after-free [CVE-2011-2351]. miaubiz reported this vulnerability.
Text selection can trigger a use-after-free [CVE-2011-2349]. miaubiz reported this vulnerability.
|
Impact:
A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
|
Solution:
The vendor has issued a fix (12.0.742.112).
The vendor's advisory is available at:
http://googlechromereleases.blogspot.com/2011/06/stable-channel-update_28.html
|
Vendor URL: googlechromereleases.blogspot.com/2011/06/stable-channel-update_28.html (Links to External Site)
|
Cause:
Access control error, Boundary error
|
Underlying OS:
Linux (Any), UNIX (OS X), Windows (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Tue, 28 Jun 2011 19:38:21 +0000
Subject: Google Chrome
|
http://googlechromereleases.blogspot.com/2011/06/stable-channel-update_28.html
[$1000] [77493] Medium CVE-2011-2345: Out-of-bounds read in NPAPI string handling. Credit to Philippe Arteau.
[$1000] [84355] High CVE-2011-2346: Use-after-free in SVG font handling. Credit to miaubiz.
[$1000] [85003] High CVE-2011-2347: Memory corruption in CSS parsing. Credit to miaubiz.
[$500] [85102] High CVE-2011-2350: Lifetime and re-entrancy issues in the HTML parser. Credit to miaubiz.
[$500] [85177] High CVE-2011-2348: Bad bounds check in v8. Credit to Aki Helin of OUSPG.
[$1000] [85211] High CVE-2011-2351: Use-after-free with SVG use element. Credit to miaubiz.
[$1000] [85418] High CVE-2011-2349: Use-after-free in text selection. Credit to miaubiz.
|
|
