Summary
This host is installed with Google Chrome and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to cause a denial of service, cross-site-scripting and execution of arbitrary code.
Impact Level: System/Application
Solution
Upgrade to Google Chrome version 12.0.742.112 or later, For updates refer to http://www.google.com/chrome
Insight
The flaws are due to:
- Error in 'NPAPI implementation', while handling the strings.
- Use-after-free error in SVG font handling.
- Memory corruption error while handling 'Cascading Style Sheets (CSS)' token sequences.
- Incorrect bounds check in Google V8.
- Use-after-free vulnerability, allows attackers to cause denial of service via vectors related to text selection.
- Error in 'HTML' parser, while handling the address 'lifetime and re-entrancy issues'.
- Use-after-free error with 'SVG' use element.
Affected
Google Chrome version prior to 12.0.742.112 on Linux.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2011-2345, CVE-2011-2346, CVE-2011-2347, CVE-2011-2348, CVE-2011-2349, CVE-2011-2350, CVE-2011-2351 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe AIR Multiple Vulnerabilities -02 April 13 (Mac OS X)
- Adobe Flash Player Arbitrary Code Execution Vulnerability (Linux)
- Adobe Flash Media Server multiple vulnerabilities
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Mac OS X)
- Adobe Acrobat Multiple Vulnerabilities -01 Jan 13 (Windows)