Test ID: | 1.3.6.1.4.1.25623.1.0.900890 |
Category: | Denial of Service |
Title: | Google Chrome Multiple Vulnerabilities (Nov 2009) |
Summary: | Google Chrome is prone to multiple vulnerabilities. |
Description: |
Summary: Google Chrome is prone to multiple vulnerabilities.

Vulnerability Insight: Multiple flaws are due to:
- An error in 'browser/download/download_exe.cc', which fails to display a warning when a user downloads and opens '.svg', '.mht' or '.xml' files. This can be exploited to disclose the content of local files via a specially crafted web page.
- An error in the Gears SQL API implementation, which can be exploited to put SQL metadata into a bad state and cause memory corruption.
- An error in WebKit, which can be exploited via a web page that calls the JavaScript setInterval method, triggering an incompatibility between the 'WTF::currentTime' and 'base::Time' functions.
- An error in the 'WebFrameLoaderClient::dispatchDidChangeLocationWithinPage' function in 'src/webkit/glue/webframeloaderclient_impl.cc', which can be exploited via a page-local link, related to an 'empty redirect chain', as demonstrated by a message in Yahoo! Mail.

Vulnerability Impact: Successful exploitation lets an attacker execute arbitrary JavaScript code, disclose the content of local files, or cause memory corruption or CPU consumption, which may result in a denial-of-service condition.

Affected Software/OS: Google Chrome versions prior to 3.0.195.32 on Windows.

Solution: Upgrade to version 3.0.195.32 or later.

CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-3931
- BugTraq ID: 36947
- http://www.securityfocus.com/bid/36947
- Bugtraq: 20091106 Using Blended Browser Threats involving Chrome to steal files on your computer
- http://www.securityfocus.com/archive/1/507713
- http://securethoughts.com/2009/11/using-blended-browser-threats-involving-chrome-to-steal-files-on-your-computer/
- http://www.osvdb.org/59742
- http://secunia.com/advisories/37273
- http://www.vupen.com/english/advisories/2009/3159
- XForce ISS Database: google-chrome-warning-weak-security(54171)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54171

Common Vulnerability Exposure (CVE) ID: CVE-2009-3932
- http://www.osvdb.org/59743

Common Vulnerability Exposure (CVE) ID: CVE-2009-3933
- http://www.osvdb.org/59745
- http://secunia.com/advisories/43068
- SuSE Security Announcement: SUSE-SR:2011:002
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://www.vupen.com/english/advisories/2011/0212
- XForce ISS Database: googlechrome-webkit-dos(54297)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54297

Common Vulnerability Exposure (CVE) ID: CVE-2009-3934
- http://www.osvdb.org/59744
- XForce ISS Database: googlechrome-webframeloader-dos(54296)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54296 |
Copyright | Copyright (C) 2009 Greenbone AG |