Summary
The host is installed with Google Chrome and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to execute arbitrary code in the context of the browser, cause denial-of-service conditions and bypass the same-origin policy.
Impact Level: System/Application
Solution
Upgrade to the Google Chrome 14.0.835.202 or later, For updates refer to http://www.google.com/chrome
Insight
Multiple flaws are due to,
- A use-after-free error exists in text line box handling.
- An error in the SVG text handling can be exploited to reference a stale font.
- An error exists within cross-origin access handling associated with a window prototype.
- Some errors exist within audio node handling related to lifetime and threading.
- A use-after-free error exists in the v8 bindings.
- An error when handling v8 hidden objects can be exploited to corrupt memory.
- An error in the shader translator can be exploited to corrupt memory.
Affected
Google Chrome version prior to 14.0.835.202 on Linux
References
Severity
Classification
-
CVE CVE-2011-2876, CVE-2011-2877, CVE-2011-2878, CVE-2011-2879, CVE-2011-2880, CVE-2011-2881, CVE-2011-3873 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe AIR Multiple Vulnerabilities(APSB14-24)-(Mac OS X)
- Adobe AIR Multiple Vulnerabilities(APSB14-22)-(Windows)
- Adobe Air Code Execution and DoS Vulnerabilities (Windows)
- Adobe Acrobat Sandbox Bypass Vulnerability - Aug14 (Windows)
- Adobe Air and Flash Player Multiple Vulnerabilities August-2011 (Windows)