Summary
This host is installed with Google Chrome and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to bypass certain security restrictions, execute arbitrary code in the context of the browser or cause a denial of service.
Impact Level: System/Application
Solution
Upgrade to the Google Chrome 23.0.1271.64 or later, For updates refer to http://www.google.com/chrome
Insight
- An integer overflow error exists in WebP handling.
- An error in v8 can be exploited to cause an out-of-bounds array access.
- Multiple use-after-free error exists in SVG filter, video layout, extension tab and plug-in placeholder, handling.
- An error exists related to integer boundary checks within GPU command buffers.
- An error exists related to inappropriate loading of SVG sub resource in 'img' context.
- A race condition error exists in Pepper buffer handling.
- A type casting error exists in certain input handling.
- An error in Skia can be exploited to cause an out-of-bounds read.
- An error in texture handling can be exploited to corrupt memory.
- An error in v8 can be exploited to corrupt memory.
- Defend against wild writes in buggy graphics drivers.
- Integer bounds check issue in GPU command buffers.
Affected
Google Chrome version prior to 23.0.1271.64 on Mac OS X
References
Severity
Classification
-
CVE CVE-2012-5115, CVE-2012-5116, CVE-2012-5117, CVE-2012-5118, CVE-2012-5119, CVE-2012-5121, CVE-2012-5122, CVE-2012-5123, CVE-2012-5124, CVE-2012-5125, CVE-2012-5126, CVE-2012-5127, CVE-2012-5128 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe AIR Multiple Vulnerabilities-01 Sep14 (Windows)
- Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Linux)
- Adobe Acrobat Multiple Unspecified Vulnerabilities - Mac OS X
- Adobe AIR Security Bypass Vulnerability Jan14 (Windows)
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Mac OS X)