Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.902073
Category:General
Title:Google Chrome 'WebKit' Multiple Vulnerabilities (Windows) - June 10
Summary:This host is installed with Google Chrome and is prone to multiple; vulnerabilities.
Description:Summary:
This host is installed with Google Chrome and is prone to multiple
vulnerabilities.

Vulnerability Insight:
The flaws are due to:

- Error in 'toAlphabetic' function in 'rendering/RenderListMarker.cpp' in
WebCore in WebKit.

- Error in 'page/Geolocation.cpp' which does stop timers associated with
geolocation upon deletion of a document.

- Memory corruption in 'font' handling.

- Error in 'editing/markup.cpp' which fails to validate input passed to
'innerHTML' property of textarea.

- Error in 'third_party/WebKit/WebCore/dom/Element.cpp' in 'Element::normalizeAttributes()'
resulting in DOM mutation events being fired.

- 'Clipboard::DispatchObject' function which does not properly handle
'CBF_SMBITMAP objects' in a 'ViewHostMsg_ClipboardWriteObjectsAsync' message
which lead to illegal memory accesses and arbitrary execution related to
'Type Confusion' issue.

- Error in 'rendering/FixedTableLayout.cpp' which leads to denial of service

- 'Cross-origin bypass' in DOM methods'

- Error in 'page/EventHandler.cpp' causes Cross-origin keystroke redirection.

Vulnerability Impact:
Successful exploitation will allow remote attackers to cause a denial of
service, cross-site-scripting and execution of arbitrary code.

Affected Software/OS:
Google Chrome version prior to 5.0.375.70 on Windows.

Solution:
Upgrade to Google Chrome version 5.0.375.70 or later.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-1770
http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html
http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html
http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
BugTraq ID: 40620
http://www.securityfocus.com/bid/40620
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
http://zerodayinitiative.com/advisories/ZDI-10-093/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7099
http://securitytracker.com/id?1024067
http://secunia.com/advisories/40072
http://secunia.com/advisories/40105
http://secunia.com/advisories/40196
http://secunia.com/advisories/41856
http://secunia.com/advisories/42314
http://secunia.com/advisories/43068
SuSE Security Announcement: SUSE-SR:2011:002 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://www.ubuntu.com/usn/USN-1006-1
http://www.vupen.com/english/advisories/2010/1373
http://www.vupen.com/english/advisories/2010/1512
http://www.vupen.com/english/advisories/2010/2722
http://www.vupen.com/english/advisories/2011/0212
http://www.vupen.com/english/advisories/2011/0552
Common Vulnerability Exposure (CVE) ID: CVE-2010-1772
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044031.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11661
http://secunia.com/advisories/40557
http://www.vupen.com/english/advisories/2010/1801
Common Vulnerability Exposure (CVE) ID: CVE-2010-1773
BugTraq ID: 41575
http://www.securityfocus.com/bid/41575
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11830
Common Vulnerability Exposure (CVE) ID: CVE-2010-2295
https://bugzilla.mozilla.org/show_bug.cgi?id=552255
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12003
Common Vulnerability Exposure (CVE) ID: CVE-2010-2296
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12080
Common Vulnerability Exposure (CVE) ID: CVE-2010-2297
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11434
Common Vulnerability Exposure (CVE) ID: CVE-2010-2298
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14154
Common Vulnerability Exposure (CVE) ID: CVE-2010-2299
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12099
Common Vulnerability Exposure (CVE) ID: CVE-2010-2300
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11357
Common Vulnerability Exposure (CVE) ID: CVE-2010-2301
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11861
Common Vulnerability Exposure (CVE) ID: CVE-2010-2302
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11948
CopyrightCopyright (C) 2010 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.