Google Chrome < 17.0.963.46 Multiple Vulnerabilities


Synopsis :

The remote host contains a web browser that is affected by multiple
vulnerabilities.

Description :

The version of Google Chrome installed on the remote host is earlier
than 17.0.963.46 and is, therefore, affected by the following
vulnerabilities:

- Clipboard monitoring after a paste action is possible.
(CVE-2011-3953)

- Application crashes are possible with excessive
database usage, killing an 'IndexDB' transaction,
signature checks and processing unusual certificates.
(CVE-2011-3954, CVE-2011-3955, CVE-2011-3965,
CVE-2011-3967)

- Sandboxed origins are not handled properly inside
extensions. (CVE-2011-3956)

- Use-after-free errors exist related to PDF garbage
collection, stylesheet error handling, CSS handling,
SVG layout and 'mousemove' event handling.
(CVE-2011-3957, CVE-2011-3966, CVE-2011-3968,
CVE-2011-3969, CVE-2011-3971)

- An error exists related to bad casting and column
spans. (CVE-2011-3958)

- A buffer overflow exists related to locale handing.
(CVE-2011-3959)

- Out-of-bounds read errors exist related to audio
decoding, path clipping, PDF fax imaging, 'libxslt',
and the shader translator. (CVE-2011-3960,
CVE-2011-3962, CVE-2011-3963, CVE-2011-3970,
CVE-2011-3972)

- A race condition exists after a utility process
crashes. (CVE-2011-3961)

- An unspecified error exists related to the URL bar
after drag and drop operations. (CVE-2011-3964)

See also :


only registered users with at least 25 hack challenge points can see links:
click here in order to visit the hack challenges

Solution :

Upgrade to Google Chrome 17.0.963.46 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)



original thread:
only registered users with at least 25 hack challenge points can see links:
click here in order to visit the hack challenges