Google Chrome 'GPU Process' Multiple Code Execution Vulnerabilities (Windows) Network Vulnerability

Summary

The host is installed with Google Chrome and is prone to multiple vulnerabilities.

Impact

Successful exploitation could allow the attackers to execute arbitrary code. Impact Level: Application

Solution

Upgrade to the Google Chrome 10.0.648.205 or later, For updates refer to http://www.google.com/chrome

Insight

The flaws are due to - 'off-by-three' error in GPU process allows remote attackers to execute arbitrary code. - Use-after-free in the vulnerability GPU process. - Heap-based buffer overflow in the GPU process.

Affected

Google Chrome version prior to 10.0.648.205 on Windows

References

http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1300, CVE-2011-1301, CVE-2011-1302

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Acrobat Multiple Vulnerabilities-01 Sep14 (Windows)
Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Linux)
Adobe Acrobat Multiple Vulnerabilities -01 Jan 13 (Mac OS X)
Adobe AIR Security Bypass Vulnerability Jan14 (Mac OS X)
Adobe AIR Multiple Vulnerabilities(APSB14-24)-(Mac OS X)

Google Chrome 'GPU process' Multiple Code Execution Vulnerabilities (Windows)

Take action and discover your vulnerabilities