Summary
The host is installed with Google Chrome and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to inject scripts, bypass certain security restrictions, execute arbitrary code in the context of the browser or cause a denial of service.
Impact Level: System/Application
Solution
Upgrade to the Google Chrome 18.0.1025.142 or later, For updates refer to http://www.google.com/chrome
Insight
The flaws are due to
- An error while handling the EUC-JP encoding system, may allow cross-site scripting attacks.
- An unspecified error in Skia can be exploited to corrupt memory.
- A use-after-free error exists in SVG clipping.
- A validation error exists within the handling of certain navigation requests from the renderer.
- An off-by-one error exists in OpenType sanitizer.
- An error exists within SPDY proxy certificate checking.
- An error in text fragment handling can be exploited to cause an out-of-bounds read.
- An error in SVG text handling can be exploited to cause an out-of-bounds read.
Affected
Google Chrome version prior to 18.0.1025.142 on Windows
References
Severity
Classification
-
CVE CVE-2011-3058, CVE-2011-3059, CVE-2011-3060, CVE-2011-3061, CVE-2011-3062, CVE-2011-3063, CVE-2011-3064, CVE-2011-3065 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe ExtendedScript Toolkit (ESTK) Insecure Library Loading Vulnerability (Win)
- Adobe AIR Multiple Vulnerabilities-01 Jun14 (Windows)
- Adobe Extension Manager CS5 Insecure Library Loading Vulnerability (Win)
- Adobe Acrobat Multiple Unspecified Vulnerabilities - Mac OS X
- 7T Interactive Graphical SCADA System Multiple Security Vulnerabilities