Summary
This host is installed with Google Chrome and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to execute arbitrary code, cause a denial of service.
Impact Level: System/Application
Solution
Upgrade to Google Chrome version 17.0.963.83 or later, For updates refer to http://www.google.com/chrome
Insight
The flaws are due to
- Not properly restrict the extension web request API.
- Memory corruption in WebGL canvas handling.
- Use-after-free in block splitting.
- An error in WebUI privilege implementation which fails to properly perform isolation.
- Prompt in the browser native UI for unpacked extension installation.
- Cross-origin violation with magic iframe.
- An invalid read error exists within v8.
- A use-after-free error exists when handling CSS cross-fade.
- A use-after-free error exists when handling the first letter.
- An error exists in the bundled version of libpng.
Affected
Google Chrome version prior to 17.0.963.83 on Windows
References
Severity
Classification
-
CVE CVE-2011-3045, CVE-2011-3049, CVE-2011-3050, CVE-2011-3051, CVE-2011-3052, CVE-2011-3053, CVE-2011-3054, CVE-2011-3055, CVE-2011-3056, CVE-2011-3057 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe Acrobat Multiple Vulnerabilities-01 Sep14 (Windows)
- Adobe AIR Multiple Vulnerabilities(APSB14-24)-(Mac OS X)
- Adobe Air Multiple Vulnerabilities - November12 (Windows)
- Adobe ExtendedScript Toolkit (ESTK) Insecure Library Loading Vulnerability (Win)
- Adobe Acrobat Multiple Vulnerabilities-01 Dec14 (Windows)