SecurityTracker.com
Category:   Application (Web Browser)  >   Google Chrome
Vendors:   Google
Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code, Bypass the Pop-up Blocker, Spoof the URL Bar, and Bypass Same Origin Policy
SecurityTracker Alert ID:  1025453
SecurityTracker URL:  http://securitytracker.com/id/1025453
CVE Reference:   CVE-2011-1303, CVE-2011-1304, CVE-2011-1305, CVE-2011-1434, CVE-2011-1435, CVE-2011-1436, CVE-2011-1437, CVE-2011-1438, CVE-2011-1439, CVE-2011-1440, CVE-2011-1441, CVE-2011-1442, CVE-2011-1443, CVE-2011-1444, CVE-2011-1445, CVE-2011-1446, CVE-2011-1447, CVE-2011-1448, CVE-2011-1449, CVE-2011-1450, CVE-2011-1451, CVE-2011-1452, CVE-2011-1454, CVE-2011-1455, CVE-2011-1456
Date:  Apr 28 2011
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 11.0.696.57
Description:   Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can bypass the pop-up blocker. A remote user can spoof the URL bar. A remote user can bypass the same origin policy.

A remote user can create specially crafted HTML that, when loaded by the target user, will execute arbitrary code on the target system [CVE-2011-1303, CVE-2011-1305, CVE-2011-1434, CVE-2011-1435, CVE-2011-1436, CVE-2011-1437, CVE-2011-1439, CVE-2011-1440, CVE-2011-1441, CVE-2011-1442, CVE-2011-1443, CVE-2011-1444, CVE-2011-1445, CVE-2011-1447, CVE-2011-1448, CVE-2011-1449, CVE-2011-1450, CVE-2011-1451, CVE-2011-1454, CVE-2011-1455, CVE-2011-1456]. The code will run with the privileges of the target user.

A remote user can bypass the pop-up blocker [CVE-2011-1304].

A remote user can spoof the URL bar [CVE-2011-1446, CVE-2011-1452].

A remote user can bypass the same origin policy [CVE-2011-1438].

Scott Hess of the Chromium development community, Martin Barbella, Chamal De Silva, Kostya Serebryany of the Chromium development community, Aki Helin, Cole Snodgrass, miaubiz, kuzzcc, Julien Tinnes of the Google Security Team, Jose A. Vazquez, Michael Griffiths, Sergey Glazunov, wushi of team 509, Dan Rosenberg, Marek Majkowski, Jordi Chancel, and Eric Roman of the Chromium development community reported these vulnerabilities.

Impact:   A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can bypass the pop-up blocker.

A remote user can spoof the URL bar.

A remote user can bypass the same origin policy.

Solution:   The vendor has issued a fix (11.0.696.57).

The vendor's advisory is available at:

http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html

Vendor URL:  googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html
Cause:   Access control error, Boundary error, State error
Underlying OS:  Linux (Any), UNIX (macOS/OS X), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jul 22 2011 (Apple Issues Fix for Apple Safari) Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code, Bypass the Pop-up Blocker, Spoof the URL Bar, and Bypass Same Origin Policy
Apple has issued a fix for Apple Safari.
Oct 12 2011 (Apple Issues Fix for iTunes) Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code, Bypass the Pop-up Blocker, Spoof the URL Bar, and Bypass Same Origin Policy
Apple has issued a fix for iTunes.


