
Test ID: 1.3.6.1.4.1.25623.1.0.901160
Category: General
Title: Google Chrome 'WebKit' Multiple Vulnerabilities (Linux) - Sep 10
Summary: Check for the version of Google Chrome
Description:
Overview: Google Chrome is installed on this host and is prone to multiple
vulnerabilities.

Vulnerability Insight:
The flaws are due to:
- Error in 'toAlphabetic' function in 'rendering/RenderListMarker.cpp' in
WebCore in WebKit.
- Error in 'page/Geolocation.cpp' which does not stop timers associated with
geolocation upon deletion of a document.
- Memory corruption in 'font' handling.
- Error in 'editing/markup.cpp' which fails to validate input passed to
'innerHTML' property of textarea.
- Error in 'third_party/WebKit/WebCore/dom/Element.cpp' in 'Element::normalizeAttributes()'
resulting in DOM mutation events being fired.
- 'Clipboard::DispatchObject' function which does not properly handle
'CBF_SMBITMAP' objects in a 'ViewHostMsg_ClipboardWriteObjectsAsync' message,
which leads to illegal memory accesses and arbitrary code execution related to
a 'Type Confusion' issue.
- Error in 'rendering/FixedTableLayout.cpp' which leads to denial of service.
- 'Cross-origin bypass' in DOM methods.
- Error in 'page/EventHandler.cpp' causes Cross-origin keystroke redirection.

Impact:
Successful exploitation will allow remote attackers to cause a denial of
service, conduct cross-site scripting attacks and execute arbitrary code.

Impact Level: Application

Affected Software/OS:
Google Chrome versions prior to 5.0.375.70 on Linux

Fix: Upgrade to Google Chrome version 5.0.375.70 or later.
For updates refer to http://www.google.com/chrome

References:
http://secunia.com/advisories/40072
http://code.google.com/p/chromium/issues/detail?id=43902
http://code.google.com/p/chromium/issues/detail?id=43304
http://code.google.com/p/chromium/issues/detail?id=43315
http://code.google.com/p/chromium/issues/detail?id=43307
http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-1773
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044031.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
SuSE Security Announcement: SUSE-SR:2011:002
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://www.ubuntu.com/usn/USN-1006-1
BugTraq ID: 41575
http://www.securityfocus.com/bid/41575
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11830
http://secunia.com/advisories/40072
http://secunia.com/advisories/40557
http://secunia.com/advisories/41856
http://secunia.com/advisories/43068
http://www.vupen.com/english/advisories/2010/1801
http://www.vupen.com/english/advisories/2010/2722
http://www.vupen.com/english/advisories/2011/0212
http://www.vupen.com/english/advisories/2011/0552
Common Vulnerability Exposure (CVE) ID: CVE-2010-1772
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11661
Common Vulnerability Exposure (CVE) ID: CVE-2010-2301
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11861
Common Vulnerability Exposure (CVE) ID: CVE-2010-2302
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11948
Common Vulnerability Exposure (CVE) ID: CVE-2010-2300
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11357
Common Vulnerability Exposure (CVE) ID: CVE-2010-2299
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12099
Common Vulnerability Exposure (CVE) ID: CVE-2010-2298
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14154
Common Vulnerability Exposure (CVE) ID: CVE-2010-2297
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11434
Common Vulnerability Exposure (CVE) ID: CVE-2010-2296
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12080
Common Vulnerability Exposure (CVE) ID: CVE-2010-2295
https://bugzilla.mozilla.org/show_bug.cgi?id=552255
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12003
Copyright: Copyright (C) 2010 SecPod


© 1998-2014 E-Soft Inc. All rights reserved.