Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201111-01
HistoryNov 01, 2011 - 12:00 a.m.

Chromium, V8: Multiple vulnerabilities

2011-11-0100:00:00
Gentoo Foundation
security.gentoo.org
11

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.098 Low

EPSS

Percentile

94.7%

JSON

Background

Chromium is an open-source web browser project. V8 is Google’s open source JavaScript engine.

Description

Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details.

Impact

A local attacker could gain root privileges (CVE-2011-1444, fixed in chromium-11.0.696.57).

A context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process, or a Denial of Service condition. The attacker also could obtain cookies and other sensitive information, conduct man-in-the-middle attacks, perform address bar spoofing, bypass the same origin policy, perform Cross-Site Scripting attacks, or bypass pop-up blocks.

Workaround

There is no known workaround at this time.

Resolution

All Chromium users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose
 ">=www-client/chromium-15.0.874.102"

All V8 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.5.10.22"
OSVersionArchitecturePackageVersionFilename
Gentooanyallwww-client/chromium< 15.0.874.102UNKNOWN
Gentooanyalldev-lang/v8< 3.5.10.22UNKNOWN

Related

openvas 20
nessus 7
threatpost 3
chrome 3
ubuntucve 42
freebsd 1
debiancve 42
cve 39
prion 41
seebug 1
openvas
openvas
Gentoo Security Advisory GLSA 201111-01 (chromium v8)
2012-02-12 00:00:00
Gentoo Security Advisory GLSA 201111-01 (chromium v8)
2012-02-12 00:00:00
Google Chrome Multiple Vulnerabilities (Sep 2011) - Windows
2011-09-23 00:00:00
nessus
nessus
GLSA-201111-01 : Chromium, V8: Multiple vulnerabilities
2011-11-02 00:00:00
Google Chrome < 14.0.835.163 Multiple Vulnerabilities
2011-09-19 00:00:00
Google Chrome < 15.0.874.102 Multiple Vulnerabilities
2011-10-26 00:00:00
threatpost
threatpost
Google Fixes More Than 30 Flaws in Chrome
2011-09-16 16:32:41
Google Fixes 27 Bugs in Chrome 15
2011-10-25 17:51:34
Google Fixes Six High-Risk Bugs in Chrome, Pays Out $6k in Bounties
2011-06-28 17:46:35
chrome
chrome
Chrome Stable Release
2011-10-25 00:00:00
Stable Channel Update
2011-09-16 00:00:00
Stable Channel Update
2011-06-28 00:00:00
ubuntucve
ubuntucve
CVE-2011-3879
2011-10-25 00:00:00
CVE-2011-2349
2011-06-29 00:00:00
CVE-2011-2346
2011-06-29 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2010-10-19 00:00:00
debiancve
debiancve
CVE-2011-2346
2011-06-29 17:55:00
CVE-2011-2349
2011-06-29 17:55:00
CVE-2011-2351
2011-06-29 17:55:00
cve
cve
CVE-2011-2349
2011-06-29 17:55:00
CVE-2011-3891
2011-10-25 19:55:00
CVE-2011-2350
2011-06-29 17:55:00
prion
prion
Design/Logic Flaw
2011-06-29 17:55:00
Design/Logic Flaw
2011-10-25 19:55:00
Out-of-bounds
2011-09-19 12:02:00
seebug
seebug
Google Chrome &lt; 14.0.835.163 PDF File Handling Memory Corruption
2011-10-05 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.098 Low

EPSS

Percentile

94.7%

JSON
Related for GLSA-201111-01
openvas20nessus7threatpost3chrome3ubuntucve42freebsd1debiancve42cve39prion41seebug1