 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.900890 |
| Kategorie: | Denial of Service |
| Titel: | Google Chrome Multiple Vulnerabilities (Nov 2009) |
| Zusammenfassung: | Google Chrome is prone to multiple vulnerabilities. |
| Beschreibung: | Summary: Google Chrome is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - Error in 'browser/download/download_exe.cc', which fails to display a warning when a user downloads and opens '.svg', '.mht' or '.xml' files. This can be exploited to disclose the content of local files via a specially crafted web page. - An error in the Gears SQL API implementation can be exploited to put SQL metadata into a bad state and cause a memory corruption. - An error in WebKit, which can be exploited via a web page that calls the JavaScript setInterval method, which triggers an incompatibility between the 'WTF::currentTime' and 'base::Time' functions. - Error in 'WebFrameLoaderClient::dispatchDidChangeLocationWithinPage' function in 'src/webkit/glue/webframeloaderclient_impl.cc' and which can be exploited via a page-local link, related to an 'empty redirect chain, ' as demonstrated by a message in Yahoo! Mail. Vulnerability Impact: Successful exploitation will let the attacker execute arbitrary JavaScript code and disclose the content of local files, memory corruption or CPU consumption and which may result in Denial of Service condition. Affected Software/OS: Google Chrome version prior to 3.0.195.32 on Windows. Solution: Upgrade to version 3.0.195.32 or later. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-3931 BugTraq ID: 36947 http://www.securityfocus.com/bid/36947 Bugtraq: 20091106 Using Blended Browser Threats involving Chrome to steal files on your computer (Google Search) http://www.securityfocus.com/archive/1/507713 http://securethoughts.com/2009/11/using-blended-browser-threats-involving-chrome-to-steal-files-on-your-computer/ http://www.osvdb.org/59742 http://secunia.com/advisories/37273 http://www.vupen.com/english/advisories/2009/3159 XForce ISS Database: google-chrome-warning-weak-security(54171) https://exchange.xforce.ibmcloud.com/vulnerabilities/54171 Common Vulnerability Exposure (CVE) ID: CVE-2009-3932 http://www.osvdb.org/59743 Common Vulnerability Exposure (CVE) ID: CVE-2009-3933 http://www.osvdb.org/59745 http://secunia.com/advisories/43068 SuSE Security Announcement: SUSE-SR:2011:002 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://www.vupen.com/english/advisories/2011/0212 XForce ISS Database: googlechrome-webkit-dos(54297) https://exchange.xforce.ibmcloud.com/vulnerabilities/54297 Common Vulnerability Exposure (CVE) ID: CVE-2009-3934 http://www.osvdb.org/59744 XForce ISS Database: googlechrome-webframeloader-dos(54296) https://exchange.xforce.ibmcloud.com/vulnerabilities/54296 |
| Copyright | Copyright (C) 2009 Greenbone AG |
| Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |