Summary
The host is installed with Google Chrome and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to execute arbitrary code in the context of the browser, cause denial-of-service conditions and bypass the same-origin policy.
Impact Level: System/Application
Solution
Upgrade to the Google Chrome 14.0.835.202 or later, For updates refer to http://www.google.com/chrome
Insight
Multiple flaws are due to,
- A use-after-free error exists in text line box handling.
- An error in the SVG text handling can be exploited to reference a stale font.
- An error exists within cross-origin access handling associated with a window prototype.
- Some errors exist within audio node handling related to lifetime and threading.
- A use-after-free error exists in the v8 bindings.
- An error when handling v8 hidden objects can be exploited to corrupt memory.
- An error in the shader translator can be exploited to corrupt memory.
Affected
Google Chrome version prior to 14.0.835.202 on Windows
References
Severity
Classification
-
CVE CVE-2011-2876, CVE-2011-2877, CVE-2011-2878, CVE-2011-2879, CVE-2011-2880, CVE-2011-2881, CVE-2011-3873 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Mac OS X
- Adobe Acrobat Multiple Vulnerabilities -01 Jan 13 (Mac OS X)
- Adobe Extension Manager CS5 Insecure Library Loading Vulnerability (Win)
- Adobe AIR Multiple Vulnerabilities(APSB14-24)-(Windows)
- Adobe Air Multiple Vulnerabilities - October 12 (Mac OS X)