Summary
This host is installed with Google Chrome and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to bypass certain security restrictions, execute arbitrary code in the context of the browser or cause a denial of service.
Impact Level: System/Application
Solution
Upgrade to the Google Chrome 19.0.1084.52 or later, For updates refer to http://www.google.com/chrome
Insight
The flaws are due to
- An unspecified error exists in the v8 garbage collection, plug-in JavaScript bindings.
- A use-after-free error exists in the browser cache, first-letter handling and with encrypted PDF.
- An out-of-bounds read error exists in Skia.
- An error with websockets over SSL can be exploited to corrupt memory.
- An invalid read error exists in v8.
- An invalid cast error exists with colorspace handling in PDF.
- An error with PDF functions can be exploited to cause a buffer overflow.
- A type corruption error exists in v8.
Affected
Google Chrome version prior to 19.0.1084.52 on Mac OS X
References
Severity
Classification
-
CVE CVE-2011-3103, CVE-2011-3104, CVE-2011-3105, CVE-2011-3106, CVE-2011-3107, CVE-2011-3108, CVE-2011-3110, CVE-2011-3111, CVE-2011-3112, CVE-2011-3113, CVE-2011-3114, CVE-2011-3115 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat Multiple Unspecified Vulnerabilities-01 Sep13 (Mac OS X)
- Adobe Acrobat Out-of-bounds Vulnerability Feb15 (Windows)
- Adobe AIR Multiple Vulnerabilities(APSB14-24)-(Mac OS X)
- Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Linux)
- Adobe Air Multiple Vulnerabilities June-2012 (Mac OS X)