Summary
The host has Google Chrome installed and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service.
Impact Level: Application
Solution
Upgrade to Google Chrome 16.0.912.77 or later. For updates, refer to http://www.google.com/chrome
Insight
Multiple flaws are due to:
- A use-after-free error related to DOM selections and DOM handling.
- A use-after-free error in the Safe Browsing feature, related to a navigation entry and an interstitial page.
- A heap-based buffer overflow in the tree builder, which allows remote attackers to cause a denial of service.
- An error in Skia, which does not perform all required initialization of values.
Affected
Google Chrome versions prior to 16.0.912.77 on Mac OS X
References
- http://code.google.com/p/chromium/issues/detail?id=108461
- http://googlechromereleases.blogspot.com/2012/01/stable-channel-update_23.html
- http://secunia.com/advisories/47694/
- http://securityorb.com/2012/01/google-releases-chrome-16-0-912-77/
- http://www.securitytracker.com/id/1026569
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2011-3924, CVE-2011-3925, CVE-2011-3926, CVE-2011-3927, CVE-2011-3928
- CVSS Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Related Vulnerabilities
- 7T Interactive Graphical SCADA System Multiple Security Vulnerabilities
- Adobe Air Code Execution and DoS Vulnerabilities (MAC OS X)
- Adobe Air Multiple Vulnerabilities - December12 (Mac OS X)
- Adobe Acrobat Multiple Unspecified Vulnerabilities-01 Sep13 (Windows)
- Adobe AIR Multiple Vulnerabilities-01 Jan15 (Mac OS X)