Summary
The host is running Google Chrome and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to execute arbitrary code in the context of the browser, inject scripts, bypass certain security restrictions, or cause a denial-of-service condition.
Impact Level: System/Application
Solution
Upgrade to the Google Chrome 13.0.782.215 or later, For updates refer to http://www.google.com/chrome
Insight
Multiple flaws are due to,
- Multiple use-after-free error exists within the handling of features like line boxes, counter nodes, custom fonts and text searching.
- A double free error exists in libxml when handling XPath expression.
- An error related to empty origins allows attackers to violate the cross-origin policy.
- An integer overflow error in uniform arrays.
- Improper usage of memset() library function in the PDF implementation.
Affected
Google Chrome version prior to 13.0.782.215 on Linux.
References
Severity
Classification
-
CVE CVE-2011-2821, CVE-2011-2823, CVE-2011-2824, CVE-2011-2825, CVE-2011-2826, CVE-2011-2827, CVE-2011-2828, CVE-2011-2829, CVE-2011-2839 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe AIR Multiple Vulnerabilities-01 Sep14 (Windows)
- Adobe AIR Multiple Vulnerabilities(APSB14-22)-(Mac OS X)
- Adobe Acrobat Multiple Vulnerabilities-01 Dec14 (Mac OS X)
- Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Mac OS X
- Adobe Air and Flash Player Multiple Vulnerabilities August-2011 (Windows)