7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.023 Low
EPSS
Percentile
89.7%
Versions of Google Chrome earlier than 22.0.1229.79 are potentially affected by the following vulnerabilities :
Out-of-bounds write errors exist related to Skia and the PDF viewer. (CVE-2012-2874, CVE-2012-2883, CVE-2012-2895)
Various, unspecified errors exist related to the PDF viewer. (CVE-2012-2875)
A buffer overflow error exists related to ‘SSE2’ optimizations. (CVE-2012-2876)
An unspecified error exists related to extensions and modal dialogs that can allow application crashes. (CVE-2012-2877)
Use-after-free errors exist related to plugin handling, ‘onclick’ handling, ‘SVG’ text references and the PDF viewer. (CVE-2012-2878, CVE-2012-2887, CVE-2012-2888, CVE-2012-2890)
An error exists related to ‘DOM’ topology corruption. (CVE-2012-2879)
Race conditions exist in the plugin paint buffer. (CVE-2012-2880)
‘DOM’ tree corruption can occur with plugins. (CVE-2012-2881)
A pointer error exists related to ‘OGG’ container handling. (CVE-2012-2882)- An out-of-bounds read error exists related to Skia. (CVE-2012-2884)
The possibility of a double-free error exists related to application exit. (CVE-2012-2885)
Universal cross-site scripting issues exist related to the v8 JavaScript engine bindings and frame handling. (CVE-2012-2886, CVE-2012-2889)
Address information can be leaked via inter process communication (IPC). (CVE-2012-2891)
A bypass error exists related to pop-up block. (CVE-2012-2892)
A double-free error exists related to ‘XSL’ transforms. (CVE-2012-2893)
An error exists related to graphics context handling. (CVE-2012-2894)
An integer overflow error exists related to ‘WebGL’. (CVE-2012-2896)
Successful exploitation of any of these issues could lead to an application crash or even allow arbitrary code execution, subject to the user’s privileges.
Binary data 6592.pasl