SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Browser)  >   Google Chrome Vendors:   Google
Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1026242
SecurityTracker URL:  http://securitytracker.com/id/1026242
CVE Reference:   CVE-2011-2845, CVE-2011-3875, CVE-2011-3876, CVE-2011-3877, CVE-2011-3878, CVE-2011-3879, CVE-2011-3880, CVE-2011-3881, CVE-2011-3882, CVE-2011-3883, CVE-2011-3884, CVE-2011-3885, CVE-2011-3886, CVE-2011-3887, CVE-2011-3888, CVE-2011-3889, CVE-2011-3890, CVE-2011-3891   (Links to External Site)
Date:  Oct 26 2011
Impact:   Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 15.0.874.102
Description:   Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can spoof the URL bar. A remote user can conduct cross-site scripting attacks.

A remote user can create specially crafted HTML that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

A bug in history handling can be exploited to spoof the URL bar [CVE-2011-2845].

A remote user can spoof the URL bar when the target user drags and drops URLs [CVE-2011-3875].

An unspecified flaw with whitespace characters in download filenames exists [CVE-2011-3876].

A remote user can conduct cross-site scripting attacks via the appcache internals page [CVE-2011-3877].

A remote user can exploit a race condition in worker process initialization with unspecified impact [CVE-2011-3878].

An unspecified flaw with redirecting to chrome scheme URIs exists [CVE-2011-3879].

An unspecified flaw with certain characters as a HTTP header delimiter exists [CVE-2011-3880].

A remote user can violate cross-origin policy restrictions [CVE-2011-3881].

A remote user can trigger a use-after-free memory error in media buffer handling [CVE-2011-3882].

A remote user can trigger a use-after-free memory error in counter handling [CVE-2011-3883].

A remote user can exploit timing issues in DOM traversal with unspecified impact [CVE-2011-3884].

A remote user can trigger a use-after-free memory error via stale style bugs [CVE-2011-3885].

A remote user can trigger an out of bounds memory write error in the v8 engine [CVE-2011-3886].

A remote user can create a javascript URI to obtain the target user's cookies [CVE-2011-3887].

A remote user can trigger a use-after-free memory error in plug-in and editing [CVE-2011-3888].

A remote user can trigger a heap overflow in Web Audio [CVE-2011-3889].

A remote user can trigger a use-after-free memory error in video source handling [CVE-2011-3890].

A remote user can access internal v8 engine functions with unspecified impact [CVE-2011-3891].

Jordi Chancel, Marc Novak, Google Chrome Security Team (Tom Sepez), Juho Nurminen, miaubiz, Masato Kinugawa, Vladimir Vorontsov, ONsec company, Sergey Glazunov, Google Chrome Security Team (Inferno), Brian Ryner of the Chromium development community, Christian Holler, Ami Fischman of the Chromium development community, Steven Keuchel of the Chromium development community, and Daniel Divricean reported these vulnerabilities.

Impact:   A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can spoof the URL bar.

A remote user can conduct cross-site scripting attacks.

Solution:   The vendor has issued a fix (15.0.874.102).

The vendor's advisory is available at:

http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html

Vendor URL:  googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (macOS/OS X), Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC