Summary
This host is installed with Google Chrome and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to cause a denial of service, cross-site-scripting and execution of arbitrary code.
Impact Level: System/Application
Solution
Upgrade to Google Chrome version 12.0.742.112 or later, For updates refer to http://www.google.com/chrome
Insight
The flaws are due to:
- Error in 'NPAPI implementation', while handling the strings.
- Use-after-free error in SVG font handling.
- Memory corruption error while handling 'Cascading Style Sheets (CSS)' token sequences.
- Incorrect bounds check in Google V8.
- Use-after-free vulnerability, allows attackers to cause denial of service via vectors related to text selection.
- Error in 'HTML' parser, while handling the address 'lifetime and re-entrancy issues'.
- Use-after-free error with 'SVG' use element.
Affected
Google Chrome version prior to 12.0.742.112 on Windows.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2011-2345, CVE-2011-2346, CVE-2011-2347, CVE-2011-2348, CVE-2011-2349, CVE-2011-2350, CVE-2011-2351 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe Flash Player 9.0.115.0 and earlier vulnerability (Lin)
- Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Linux)
- Adobe Acrobat Multiple Vulnerabilities - 01 Jan14 (Windows)
- Adobe Acrobat Multiple Unspecified Vulnerabilities-01 Sep13 (Windows)
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Windows)