Search...

FreeBSD : chromium -- Errant plug-in load and GPU process memory corruption (ab1f515d-6b69-11e1-8288-00262d5ed8ee)

2012-03-12T00:00:00

ID FREEBSD_PKG_AB1F515D6B6911E1828800262D5ED8EE.NASL
Type nessus
Reporter This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.
Modified 2012-03-12T00:00:00

Description

Google Chrome Releases reports :

[117620] [117656] Critical CVE-2011-3047: Errant plug-in load and GPU process memory corruption. Credit to PinkiePie.

                                        
                                            #%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2013 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
#    copyright notice, this list of conditions and the following
#    disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
#    published online in any format, converted to PDF, PostScript,
#    RTF and other formats) must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer
#    in the documentation and/or other materials provided with the
#    distribution.
# 
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(58316);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2011-3047");

  script_name(english:"FreeBSD : chromium -- Errant plug-in load and GPU process memory corruption (ab1f515d-6b69-11e1-8288-00262d5ed8ee)");
  script_summary(english:"Checks for updated package in pkg_info output");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote FreeBSD host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Google Chrome Releases reports :

[117620] [117656] Critical CVE-2011-3047: Errant plug-in load and GPU
process memory corruption. Credit to PinkiePie."
  );
  # http://googlechromereleases.blogspot.com/search/label/Stable%20updates
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?29fa020e"
  );
  # http://www.freebsd.org/ports/portaudit/ab1f515d-6b69-11e1-8288-00262d5ed8ee.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?a9adf9f4"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:chromium");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/03/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/03/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/12");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.");
  script_family(english:"FreeBSD Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");

  exit(0);
}


include("audit.inc");
include("freebsd_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (pkg_test(save_report:TRUE, pkg:"chromium&lt;17.0.963.79")) flag++;

if (flag)
{
  if (report_verbosity &gt; 0) security_hole(port:0, extra:pkg_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

JSON Vulners Source

Initial Source

{"id": "FREEBSD_PKG_AB1F515D6B6911E1828800262D5ED8EE.NASL", "bulletinFamily": "scanner", "title": "FreeBSD : chromium -- Errant plug-in load and GPU process memory corruption (ab1f515d-6b69-11e1-8288-00262d5ed8ee)", "description": "Google Chrome Releases reports :\n\n[117620] [117656] Critical CVE-2011-3047: Errant plug-in load and GPU\nprocess memory corruption. Credit to PinkiePie.", "published": "2012-03-12T00:00:00", "modified": "2012-03-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/58316", "reporter": "This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.", "references": ["http://www.nessus.org/u?a9adf9f4", "http://www.nessus.org/u?29fa020e"], "cvelist": ["CVE-2011-3047"], "type": "nessus", "lastseen": "2021-01-07T10:49:02", "edition": 20, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-3047"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310103439", "OPENVAS:1361412562310802714", "OPENVAS:71157", "OPENVAS:802714", "OPENVAS:103439", "OPENVAS:802715", "OPENVAS:1361412562310802715", "OPENVAS:1361412562310802716", "OPENVAS:802716", "OPENVAS:136141256231071157"]}, {"type": "freebsd", "idList": ["AB1F515D-6B69-11E1-8288-00262D5ED8EE"]}, {"type": "nessus", "idList": ["GOOGLE_CHROME_17_0_963_79.NASL", "GENTOO_GLSA-201203-19.NASL", "OPENSUSE-2012-165.NASL"]}, {"type": "threatpost", "idList": ["THREATPOST:E683F6560B7A78E4C3A100FF90A9895A"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2012:0374-1"]}, {"type": "gentoo", "idList": ["GLSA-201203-19"]}], "modified": "2021-01-07T10:49:02", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2021-01-07T10:49:02", "rev": 2}, "vulnersScore": 6.9}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2013 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58316);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-3047\");\n\n script_name(english:\"FreeBSD : chromium -- Errant plug-in load and GPU process memory corruption (ab1f515d-6b69-11e1-8288-00262d5ed8ee)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Google Chrome Releases reports :\n\n[117620] [117656] Critical CVE-2011-3047: Errant plug-in load and GPU\nprocess memory corruption. Credit to PinkiePie.\"\n );\n # http://googlechromereleases.blogspot.com/search/label/Stable%20updates\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?29fa020e\"\n );\n # http://www.freebsd.org/ports/portaudit/ab1f515d-6b69-11e1-8288-00262d5ed8ee.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a9adf9f4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<17.0.963.79\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "pluginID": "58316", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:chromium"], "scheme": null}

{"cve": [{"lastseen": "2020-12-09T19:39:09", "description": "The GPU process in Google Chrome before 17.0.963.79 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) by leveraging an error in the plug-in loading mechanism.", "edition": 8, "cvss3": {}, "published": "2012-03-10T19:55:00", "title": "CVE-2011-3047", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3047"], "modified": "2020-04-16T15:58:00", "cpe": ["cpe:/o:opensuse:opensuse:12.1"], "id": "CVE-2011-3047", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3047", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2020-04-22T17:07:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3047"], "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "modified": "2020-04-21T00:00:00", "published": "2012-03-12T00:00:00", "id": "OPENVAS:136141256231071157", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071157", "type": "openvas", "title": "FreeBSD Ports: chromium", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto generated from VID ab1f515d-6b69-11e1-8288-00262d5ed8ee\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (C) 2012 E-Soft Inc. http://www.securityspace.com\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71157\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-3047\");\n script_version(\"2020-04-21T07:31:29+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 07:31:29 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-03-12 11:35:07 -0400 (Mon, 12 Mar 2012)\");\n script_name(\"FreeBSD Ports: chromium\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following package is affected: chromium\n\nCVE-2011-3047\nThe GPU process in Google Chrome before 17.0.963.79 allows remote\nattackers to execute arbitrary code or cause a denial of service\n(memory corruption) by leveraging an error in the plug-in loading\nmechanism.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.com/search/label/Stable%20updates\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/ab1f515d-6b69-11e1-8288-00262d5ed8ee.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"chromium\");\nif(!isnull(bver) && revcomp(a:bver, b:\"17.0.963.79\")<0) {\n txt += \"Package chromium version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-22T17:06:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3047"], "description": "This host is installed with Google Chrome and is prone to multiple\n vulnerabilities.", "modified": "2020-04-21T00:00:00", "published": "2012-03-20T00:00:00", "id": "OPENVAS:1361412562310802714", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802714", "type": "openvas", "title": "Google Chrome 'GPU process' Multiple Vulnerabilities (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome 'GPU process' Multiple Vulnerabilities (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802714\");\n script_version(\"2020-04-21T06:28:23+0000\");\n script_cve_id(\"CVE-2011-3047\");\n script_bugtraq_id(52395);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 06:28:23 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-03-20 11:24:20 +0530 (Tue, 20 Mar 2012)\");\n script_name(\"Google Chrome 'GPU process' Multiple Vulnerabilities (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/48375/\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/52395/discuss\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2012/03/chrome-stable-update_10.html\");\n\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow the attackers to execute arbitrary code\n or cause a denial of service.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 17.0.963.79 on Windows\");\n script_tag(name:\"insight\", value:\"The flaws are due to unspecified errors when loading certain\n plug-ins and handling GPU memory.\");\n script_tag(name:\"solution\", value:\"Upgrade to the Google Chrome 17.0.963.79 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Google Chrome and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nchromeVer = get_kb_item(\"GoogleChrome/Win/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"17.0.963.79\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:10:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3047"], "description": "This host is installed with Google Chrome and is prone to multiple\n vulnerabilities.", "modified": "2017-04-14T00:00:00", "published": "2012-03-20T00:00:00", "id": "OPENVAS:802714", "href": "http://plugins.openvas.org/nasl.php?oid=802714", "type": "openvas", "title": "Google Chrome 'GPU process' Multiple Vulnerabilities (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_gpu_mult_vuln_win.nasl 5956 2017-04-14 09:02:12Z teissa $\n#\n# Google Chrome 'GPU process' Multiple Vulnerabilities (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow the attackers to execute arbitrary code\n or cause a denial of service.\n Impact Level: System/Application\";\ntag_affected = \"Google Chrome version prior to 17.0.963.79 on Windows\";\ntag_insight = \"The flaws are due to unspecified errors when loading certain\n plug-ins and handling GPU memory.\";\ntag_solution = \"Upgrade to the Google Chrome 17.0.963.79 or later,\n For updates refer to http://www.google.com/chrome\";\ntag_summary = \"This host is installed with Google Chrome and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(802714);\n script_version(\"$Revision: 5956 $\");\n script_cve_id(\"CVE-2011-3047\");\n script_bugtraq_id(52395);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-14 11:02:12 +0200 (Fri, 14 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-20 11:24:20 +0530 (Tue, 20 Mar 2012)\");\n script_name(\"Google Chrome 'GPU process' Multiple Vulnerabilities (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/48375/\");\n script_xref(name : \"URL\" , value : \"http://www.securityfocus.com/bid/52395/discuss\");\n script_xref(name : \"URL\" , value : \"http://googlechromereleases.blogspot.in/2012/03/chrome-stable-update_10.html\");\n\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_win.nasl\");\n script_require_keys(\"GoogleChrome/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nchromeVer = \"\";\n\n## Get the version from KB\nchromeVer = get_kb_item(\"GoogleChrome/Win/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\n## Check for Google Chrome Version less than 17.0.963.79\nif(version_is_less(version:chromeVer, test_version:\"17.0.963.79\")){\n security_message(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3047"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-04-07T00:00:00", "published": "2012-03-12T00:00:00", "id": "OPENVAS:71157", "href": "http://plugins.openvas.org/nasl.php?oid=71157", "type": "openvas", "title": "FreeBSD Ports: chromium", "sourceData": "#\n#VID ab1f515d-6b69-11e1-8288-00262d5ed8ee\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID ab1f515d-6b69-11e1-8288-00262d5ed8ee\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: chromium\n\nCVE-2011-3047\nThe GPU process in Google Chrome before 17.0.963.79 allows remote\nattackers to execute arbitrary code or cause a denial of service\n(memory corruption) by leveraging an error in the plug-in loading\nmechanism.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://googlechromereleases.blogspot.com/search/label/Stable%20updates\nhttp://www.vuxml.org/freebsd/ab1f515d-6b69-11e1-8288-00262d5ed8ee.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(71157);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-3047\");\n script_version(\"$Revision: 5888 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-07 11:01:53 +0200 (Fri, 07 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-12 11:35:07 -0400 (Mon, 12 Mar 2012)\");\n script_name(\"FreeBSD Ports: chromium\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\ntxt = \"\";\nbver = portver(pkg:\"chromium\");\nif(!isnull(bver) && revcomp(a:bver, b:\"17.0.963.79\")<0) {\n txt += \"Package chromium version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt ));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-19T10:50:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3047"], "description": "This host is installed with Google Chrome and is prone to multiple\n vulnerabilities.", "modified": "2017-07-04T00:00:00", "published": "2012-03-20T00:00:00", "id": "OPENVAS:802716", "href": "http://plugins.openvas.org/nasl.php?oid=802716", "type": "openvas", "title": "Google Chrome 'GPU process' Multiple Vulnerabilities (MAC OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_gpu_mult_vuln_macosx.nasl 6521 2017-07-04 14:51:10Z cfischer $\n#\n# Google Chrome 'GPU process' Multiple Vulnerabilities (MAC OS X)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow the attackers to execute arbitrary code\n or cause a denial of service.\n Impact Level: System/Application\";\ntag_affected = \"Google Chrome version prior to 17.0.963.79 on MAC OS X\";\ntag_insight = \"The flaws are due to unspecified errors when loading certain\n plug-ins and handling GPU memory.\";\ntag_solution = \"Upgrade to the Google Chrome 17.0.963.79 or later,\n For updates refer to http://www.google.com/chrome\";\ntag_summary = \"This host is installed with Google Chrome and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(802716);\n script_version(\"$Revision: 6521 $\");\n script_cve_id(\"CVE-2011-3047\");\n script_bugtraq_id(52395);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-04 16:51:10 +0200 (Tue, 04 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-20 11:24:20 +0530 (Tue, 20 Mar 2012)\");\n script_name(\"Google Chrome 'GPU process' Multiple Vulnerabilities (MAC OS X)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/48375/\");\n script_xref(name : \"URL\" , value : \"http://www.securityfocus.com/bid/52395/discuss\");\n script_xref(name : \"URL\" , value : \"http://googlechromereleases.blogspot.in/2012/03/chrome-stable-update_10.html\");\n\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nchromeVer = \"\";\n\n## Get the version from KB\nchromeVer = get_kb_item(\"GoogleChrome/MacOSX/Version\");\nif(!chromeVer){\n exit(0);\n}\n\n## Check for Google Chrome Version less than 17.0.963.79\nif(version_is_less(version:chromeVer, test_version:\"17.0.963.79\")){\n security_message(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-04-22T17:06:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3047"], "description": "This host is installed with Google Chrome and is prone to multiple\n vulnerabilities.", "modified": "2020-04-21T00:00:00", "published": "2012-03-20T00:00:00", "id": "OPENVAS:1361412562310802715", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802715", "type": "openvas", "title": "Google Chrome 'GPU process' Multiple Vulnerabilities (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome 'GPU process' Multiple Vulnerabilities (Linux)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802715\");\n script_version(\"2020-04-21T06:28:23+0000\");\n script_cve_id(\"CVE-2011-3047\");\n script_bugtraq_id(52395);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 06:28:23 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-03-20 11:24:20 +0530 (Tue, 20 Mar 2012)\");\n script_name(\"Google Chrome 'GPU process' Multiple Vulnerabilities (Linux)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/48375/\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/52395/discuss\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2012/03/chrome-stable-update_10.html\");\n\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow the attackers to execute arbitrary code\n or cause a denial of service.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 17.0.963.79 on Linux\");\n script_tag(name:\"insight\", value:\"The flaws are due to unspecified errors when loading certain\n plug-ins and handling GPU memory.\");\n script_tag(name:\"solution\", value:\"Upgrade to the Google Chrome 17.0.963.79 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Google Chrome and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nchromeVer = get_kb_item(\"Google-Chrome/Linux/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"17.0.963.79\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-08T19:08:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3047"], "description": "Webgrind is prone to a local file-include vulnerability because it\n fails to properly sanitize user-supplied input.", "modified": "2020-05-06T00:00:00", "published": "2012-02-28T00:00:00", "id": "OPENVAS:1361412562310103439", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103439", "type": "openvas", "title": "webgrind 1.0 (file param) Local File Inclusion Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# webgrind 1.0 (file param) Local File Inclusion Vulnerability\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103439\");\n script_version(\"2020-05-06T06:57:16+0000\");\n script_name(\"webgrind 1.0 (file param) Local File Inclusion Vulnerability\");\n script_xref(name:\"URL\", value:\"http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5075.php\");\n script_cve_id(\"CVE-2011-3047\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-05-06 06:57:16 +0000 (Wed, 06 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-02-28 11:24:22 +0100 (Tue, 28 Feb 2012)\");\n script_category(ACT_ATTACK);\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_family(\"Web application abuses\");\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_dependencies(\"find_service.nasl\", \"no404.nasl\", \"webmirror.nasl\", \"DDI_Directory_Scanner.nasl\", \"os_detection.nasl\", \"global_settings.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n\n script_tag(name:\"summary\", value:\"Webgrind is prone to a local file-include vulnerability because it\n fails to properly sanitize user-supplied input.\");\n\n script_tag(name:\"impact\", value:\"An attacker can exploit this vulnerability to view files and execute\n local scripts in the context of the webserver process. This may aid in further attacks.\");\n\n script_tag(name:\"affected\", value:\"Webgrind 1.0 (v1.02 in trunk on github) are vulnerable. Other versions may also be affected.\");\n\n script_tag(name:\"solution\", value:\"No known solution was made available for at least one year since the disclosure of this vulnerability.\n Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the\n product or replace the product by another one.\");\n\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n exit(0);\n}\n\ninclude(\"misc_func.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"host_details.inc\");\n\nport = http_get_port( default:80 );\nif( ! http_can_host_php( port:port ) ) exit( 0 );\n\nfiles = traversal_files();\n\nforeach dir( make_list_unique( \"/webgrind\", http_cgi_dirs( port:port ) ) ) {\n\n if( dir == \"/\" ) dir = \"\";\n url = dir + \"/index.php\";\n buf = http_get_cache( item:url, port:port );\n\n if( \"<title>webgrind</title>\" >< buf ) {\n\n foreach file( keys( files ) ) {\n\n url = dir + \"/index.php?file=/\" + files[file] + \"&op=fileviewer\";\n\n if( http_vuln_check( port:port, url:url,pattern:file ) ) {\n report = http_report_vuln_url( port:port, url:url );\n security_message( port:port, data:report );\n exit( 0 );\n }\n }\n }\n}\n\nexit( 99 );\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-22T17:05:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3047"], "description": "This host is installed with Google Chrome and is prone to multiple\n vulnerabilities.", "modified": "2020-04-21T00:00:00", "published": "2012-03-20T00:00:00", "id": "OPENVAS:1361412562310802716", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802716", "type": "openvas", "title": "Google Chrome 'GPU process' Multiple Vulnerabilities (MAC OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome 'GPU process' Multiple Vulnerabilities (MAC OS X)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802716\");\n script_version(\"2020-04-21T06:28:23+0000\");\n script_cve_id(\"CVE-2011-3047\");\n script_bugtraq_id(52395);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 06:28:23 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-03-20 11:24:20 +0530 (Tue, 20 Mar 2012)\");\n script_name(\"Google Chrome 'GPU process' Multiple Vulnerabilities (MAC OS X)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/48375/\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/52395/discuss\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2012/03/chrome-stable-update_10.html\");\n\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow the attackers to execute arbitrary code\n or cause a denial of service.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 17.0.963.79 on MAC OS X\");\n script_tag(name:\"insight\", value:\"The flaws are due to unspecified errors when loading certain\n plug-ins and handling GPU memory.\");\n script_tag(name:\"solution\", value:\"Upgrade to the Google Chrome 17.0.963.79 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Google Chrome and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nchromeVer = get_kb_item(\"GoogleChrome/MacOSX/Version\");\nif(!chromeVer){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"17.0.963.79\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-19T10:50:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3047"], "description": "This host is installed with Google Chrome and is prone to multiple\n vulnerabilities.", "modified": "2017-07-04T00:00:00", "published": "2012-03-20T00:00:00", "id": "OPENVAS:802715", "href": "http://plugins.openvas.org/nasl.php?oid=802715", "type": "openvas", "title": "Google Chrome 'GPU process' Multiple Vulnerabilities (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_gpu_mult_vuln_lin.nasl 6521 2017-07-04 14:51:10Z cfischer $\n#\n# Google Chrome 'GPU process' Multiple Vulnerabilities (Linux)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow the attackers to execute arbitrary code\n or cause a denial of service.\n Impact Level: System/Application\";\ntag_affected = \"Google Chrome version prior to 17.0.963.79 on Linux\";\ntag_insight = \"The flaws are due to unspecified errors when loading certain\n plug-ins and handling GPU memory.\";\ntag_solution = \"Upgrade to the Google Chrome 17.0.963.79 or later,\n For updates refer to http://www.google.com/chrome\";\ntag_summary = \"This host is installed with Google Chrome and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(802715);\n script_version(\"$Revision: 6521 $\");\n script_cve_id(\"CVE-2011-3047\");\n script_bugtraq_id(52395);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-04 16:51:10 +0200 (Tue, 04 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-20 11:24:20 +0530 (Tue, 20 Mar 2012)\");\n script_name(\"Google Chrome 'GPU process' Multiple Vulnerabilities (Linux)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/48375/\");\n script_xref(name : \"URL\" , value : \"http://www.securityfocus.com/bid/52395/discuss\");\n script_xref(name : \"URL\" , value : \"http://googlechromereleases.blogspot.in/2012/03/chrome-stable-update_10.html\");\n\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nchromeVer = \"\";\n\n## Get the version from KB\nchromeVer = get_kb_item(\"Google-Chrome/Linux/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\n## Check for Google Chrome Version less than 17.0.963.79\nif(version_is_less(version:chromeVer, test_version:\"17.0.963.79\")){\n security_message(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-30T10:47:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3047"], "description": "Webgrind is prone to a local file-include vulnerability because it\nfails to properly sanitize user-supplied input.\n\nAn attacker can exploit this vulnerability to view files and execute\nlocal scripts in the context of the webserver process. This may aid in\nfurther attacks.\n\nWebgrind 1.0 (v1.02 in trunk on github) are vulnerable; other versions may also be affected.", "modified": "2017-10-26T00:00:00", "published": "2012-02-28T00:00:00", "id": "OPENVAS:103439", "href": "http://plugins.openvas.org/nasl.php?oid=103439", "type": "openvas", "title": "webgrind 1.0 (file param) Local File Inclusion Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_webgrind_lfi_02_2012.nasl 7577 2017-10-26 10:41:56Z cfischer $\n#\n# webgrind 1.0 (file param) Local File Inclusion Vulnerability\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_summary = \"Webgrind is prone to a local file-include vulnerability because it\nfails to properly sanitize user-supplied input.\n\nAn attacker can exploit this vulnerability to view files and execute\nlocal scripts in the context of the webserver process. This may aid in\nfurther attacks.\n\nWebgrind 1.0 (v1.02 in trunk on github) are vulnerable; other versions may also be affected.\";\n\nif (description)\n{\n script_id(103439);\n script_version (\"$Revision: 7577 $\");\n script_name(\"webgrind 1.0 (file param) Local File Inclusion Vulnerability\");\n script_xref(name : \"URL\" , value : \"http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5075.php\");\n script_cve_id(\"CVE-2011-3047\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-10-26 12:41:56 +0200 (Thu, 26 Oct 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-28 11:24:22 +0100 (Tue, 28 Feb 2012)\");\n script_category(ACT_ATTACK);\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2012 Greenbone Networks GmbH\");\n script_dependencies(\"find_service.nasl\", \"http_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\ninclude(\"misc_func.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"host_details.inc\");\n\nport = get_http_port( default:80 );\nif( ! can_host_php( port:port ) ) exit( 0 );\n\nfiles = traversal_files();\n\nforeach dir( make_list_unique( \"/webgrind\", cgi_dirs( port:port ) ) ) {\n\n if( dir == \"/\" ) dir = \"\";\n url = dir + \"/index.php\";\n buf = http_get_cache( item:url, port:port );\n\n if( \"<title>webgrind</title>\" >< buf ) {\n\n foreach file( keys( files ) ) {\n\n url = dir + \"/index.php?file=/\" + files[file] + \"&op=fileviewer\";\n\n if( http_vuln_check( port:port, url:url,pattern:file ) ) {\n report = report_vuln_url( port:port, url:url );\n security_message( port:port, data:report );\n exit( 0 );\n }\n }\n }\n}\n\nexit( 99 );", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-01T03:04:51", "description": "The version of Google Chrome installed on the remote host is earlier\nthan 17.0.963.79 and is, therefore, affected by memory corruption\nvulnerabilities related to plugin loading and GPU processing.", "edition": 24, "published": "2012-03-14T00:00:00", "title": "Google Chrome < 17.0.963.79 Memory Corruption Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3047"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_17_0_963_79.NASL", "href": "https://www.tenable.com/plugins/nessus/58342", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58342);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/15 20:50:26\");\n\n script_cve_id(\"CVE-2011-3047\");\n script_bugtraq_id(52395);\n\n script_name(english:\"Google Chrome < 17.0.963.79 Memory Corruption Vulnerabilities\");\n script_summary(english:\"Checks version number of Google Chrome\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by multiple\nmemory vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote host is earlier\nthan 17.0.963.79 and is, therefore, affected by memory corruption\nvulnerabilities related to plugin loading and GPU processing.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5476304f\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Google Chrome 17.0.963.79 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\n\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\ngoogle_chrome_check_version(installs:installs, fix:'17.0.963.79', severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:24:26", "description": "Changes in chromium :\n\n - Update to 19.0.1066\n\n - Fixed Chrome install/update resets Google search\n preferences (Issue: 105390)\n\n - Don't trigger accelerated compositing on 3D CSS when\n using swiftshader (Issue: 116401)\n\n - Fixed a GPU crash (Issue: 116096)\n\n - More fixes for Back button frequently hangs (Issue:\n 93427)\n\n - Bastion now works (Issue: 116285)\n\n - Fixed Composited layer sorting irregularity with\n accelerated canvas (Issue: 102943)\n\n - Fixed Composited layer sorting irregularity with\n accelerated canvas (Issue: 102943)\n\n - Fixed Google Feedback causes render process to use too\n much memory (Issue: 114489)\n\n - Fixed after upgrade, some pages are rendered as blank\n (Issue: 109888)\n\n - Fixed Pasting text into a single-line text field\n shouldn't keep literal newlines (Issue: 106551)\n\n - Security Fixes :\n\n - Critical CVE-2011-3047: Errant plug-in load and GPU\n process memory corruption\n\n - Critical CVE-2011-3046: UXSS and bad history navigation.\n\n - Update to 19.0.1060\n\n - Fixed NTP signed in state is missing (Issue: 112676)\n\n - Fixed gmail seems to redraw itself (all white)\n occasionally (Issue: 111263)\n\n - Focus 'OK' button on JavaScript dialogs (Issue: 111015)\n\n - Fixed Back button frequently hangs (Issue: 93427)\n\n - Increase the buffer size to fix muted playback rate\n (Issue: 108239)\n\n - Fixed Empty span with line-height renders with non-zero\n height (Issue: 109811)\n\n - Marked the Certum Trusted Network CA as an issuer of\n extended-validation (EV) certificates.\n\n - Fixed importing of bookmarks, history, etc. from Firefox\n 10+.\n\n - Fixed issues - 114001, 110785, 114168, 114598, 111663,\n 113636, 112676\n\n - Fixed several crashes (Issues: 111376, 108688, 114391)\n\n - Fixed Firefox browser in Import Bookmarks and Settings\n drop-down (Issue: 114476)\n\n - Sync: Sessions aren't associating pre-existing tabs\n (Issue: 113319)\n\n - Fixed All 'Extensions' make an entry under the 'NTP\n Apps' page (Issue: 113672)\n\n - Security Fixes (bnc#750407) :\n\n - High CVE-2011-3031: Use-after-free in v8 element\n wrapper.\n\n - High CVE-2011-3032: Use-after-free in SVG value\n handling.\n\n - High CVE-2011-3033: Buffer overflow in the Skia drawing\n library.\n\n - High CVE-2011-3034: Use-after-free in SVG document\n handling.\n\n - High CVE-2011-3035: Use-after-free in SVG use handling.\n\n - High CVE-2011-3036: Bad cast in line box handling.\n\n - High CVE-2011-3037: Bad casts in anonymous block\n splitting.\n\n - High CVE-2011-3038: Use-after-free in multi-column\n handling.\n\n - High CVE-2011-3039: Use-after-free in quote handling.\n\n - High CVE-2011-3040: Out-of-bounds read in text handling.\n\n - High CVE-2011-3041: Use-after-free in class attribute\n handling.\n\n - High CVE-2011-3042: Use-after-free in table section\n handling.\n\n - High CVE-2011-3043: Use-after-free in flexbox with\n floats.\n\n - High CVE-2011-3044: Use-after-free with SVG animation\n elements.\n\nChanges in v8 :\n\n - Update to 3.9.13.0\n\n - Add code kind check before preparing for OSR. (issue\n 1900, 115073)\n\n - Pass zone explicitly to zone-allocation on x64 and ARM.\n (issue 1802)\n\n - Port string construct stub to x64. (issue 849)\n\n - Performance and stability improvements on all platforms.", "edition": 19, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : chromium / v8 (openSUSE-SU-2012:0374-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3039", "CVE-2011-3043", "CVE-2011-3044", "CVE-2011-3031", "CVE-2011-3046", "CVE-2011-3033", "CVE-2011-3038", "CVE-2011-3035", "CVE-2011-3036", "CVE-2011-3047", "CVE-2011-3041", "CVE-2011-3034", "CVE-2011-3042", "CVE-2011-3032", "CVE-2011-3037", "CVE-2011-3040"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libv8-3", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:v8-devel", "p-cpe:/a:novell:opensuse:chromium-desktop-gnome", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:v8-private-headers-devel", "p-cpe:/a:novell:opensuse:chromium-debugsource", "p-cpe:/a:novell:opensuse:libv8-3-debuginfo", "p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo", "p-cpe:/a:novell:opensuse:chromium-suid-helper", "p-cpe:/a:novell:opensuse:v8-debugsource", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "p-cpe:/a:novell:opensuse:chromium-desktop-kde"], "id": "OPENSUSE-2012-165.NASL", "href": "https://www.tenable.com/plugins/nessus/74570", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-165.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74570);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3031\", \"CVE-2011-3032\", \"CVE-2011-3033\", \"CVE-2011-3034\", \"CVE-2011-3035\", \"CVE-2011-3036\", \"CVE-2011-3037\", \"CVE-2011-3038\", \"CVE-2011-3039\", \"CVE-2011-3040\", \"CVE-2011-3041\", \"CVE-2011-3042\", \"CVE-2011-3043\", \"CVE-2011-3044\", \"CVE-2011-3046\", \"CVE-2011-3047\");\n\n script_name(english:\"openSUSE Security Update : chromium / v8 (openSUSE-SU-2012:0374-1)\");\n script_summary(english:\"Check for the openSUSE-2012-165 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Changes in chromium :\n\n - Update to 19.0.1066\n\n - Fixed Chrome install/update resets Google search\n preferences (Issue: 105390)\n\n - Don't trigger accelerated compositing on 3D CSS when\n using swiftshader (Issue: 116401)\n\n - Fixed a GPU crash (Issue: 116096)\n\n - More fixes for Back button frequently hangs (Issue:\n 93427)\n\n - Bastion now works (Issue: 116285)\n\n - Fixed Composited layer sorting irregularity with\n accelerated canvas (Issue: 102943)\n\n - Fixed Composited layer sorting irregularity with\n accelerated canvas (Issue: 102943)\n\n - Fixed Google Feedback causes render process to use too\n much memory (Issue: 114489)\n\n - Fixed after upgrade, some pages are rendered as blank\n (Issue: 109888)\n\n - Fixed Pasting text into a single-line text field\n shouldn't keep literal newlines (Issue: 106551)\n\n - Security Fixes :\n\n - Critical CVE-2011-3047: Errant plug-in load and GPU\n process memory corruption\n\n - Critical CVE-2011-3046: UXSS and bad history navigation.\n\n - Update to 19.0.1060\n\n - Fixed NTP signed in state is missing (Issue: 112676)\n\n - Fixed gmail seems to redraw itself (all white)\n occasionally (Issue: 111263)\n\n - Focus 'OK' button on JavaScript dialogs (Issue: 111015)\n\n - Fixed Back button frequently hangs (Issue: 93427)\n\n - Increase the buffer size to fix muted playback rate\n (Issue: 108239)\n\n - Fixed Empty span with line-height renders with non-zero\n height (Issue: 109811)\n\n - Marked the Certum Trusted Network CA as an issuer of\n extended-validation (EV) certificates.\n\n - Fixed importing of bookmarks, history, etc. from Firefox\n 10+.\n\n - Fixed issues - 114001, 110785, 114168, 114598, 111663,\n 113636, 112676\n\n - Fixed several crashes (Issues: 111376, 108688, 114391)\n\n - Fixed Firefox browser in Import Bookmarks and Settings\n drop-down (Issue: 114476)\n\n - Sync: Sessions aren't associating pre-existing tabs\n (Issue: 113319)\n\n - Fixed All 'Extensions' make an entry under the 'NTP\n Apps' page (Issue: 113672)\n\n - Security Fixes (bnc#750407) :\n\n - High CVE-2011-3031: Use-after-free in v8 element\n wrapper.\n\n - High CVE-2011-3032: Use-after-free in SVG value\n handling.\n\n - High CVE-2011-3033: Buffer overflow in the Skia drawing\n library.\n\n - High CVE-2011-3034: Use-after-free in SVG document\n handling.\n\n - High CVE-2011-3035: Use-after-free in SVG use handling.\n\n - High CVE-2011-3036: Bad cast in line box handling.\n\n - High CVE-2011-3037: Bad casts in anonymous block\n splitting.\n\n - High CVE-2011-3038: Use-after-free in multi-column\n handling.\n\n - High CVE-2011-3039: Use-after-free in quote handling.\n\n - High CVE-2011-3040: Out-of-bounds read in text handling.\n\n - High CVE-2011-3041: Use-after-free in class attribute\n handling.\n\n - High CVE-2011-3042: Use-after-free in table section\n handling.\n\n - High CVE-2011-3043: Use-after-free in flexbox with\n floats.\n\n - High CVE-2011-3044: Use-after-free with SVG animation\n elements.\n\nChanges in v8 :\n\n - Update to 3.9.13.0\n\n - Add code kind check before preparing for OSR. (issue\n 1900, 115073)\n\n - Pass zone explicitly to zone-allocation on x64 and ARM.\n (issue 1802)\n\n - Port string construct stub to x64. (issue 849)\n\n - Performance and stability improvements on all platforms.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750407\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=751466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=751738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-03/msg00029.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected chromium / v8 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-suid-helper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libv8-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libv8-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:v8-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:v8-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:v8-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"chromium-19.0.1066.0-1.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"chromium-debuginfo-19.0.1066.0-1.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"chromium-debugsource-19.0.1066.0-1.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"chromium-desktop-gnome-19.0.1066.0-1.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"chromium-desktop-kde-19.0.1066.0-1.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"chromium-suid-helper-19.0.1066.0-1.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"chromium-suid-helper-debuginfo-19.0.1066.0-1.11.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libv8-3-3.9.13.0-1.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libv8-3-debuginfo-3.9.13.0-1.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"v8-debugsource-3.9.13.0-1.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"v8-devel-3.9.13.0-1.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"v8-private-headers-devel-3.9.13.0-1.15.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium / chromium-debuginfo / chromium-debugsource / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:53:32", "description": "The remote host is affected by the vulnerability described in GLSA-201203-19\n(Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium. Please review\n the CVE identifiers and release notes referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted web\n site using Chromium, possibly resulting in the execution of arbitrary\n code with the privileges of the process, a Denial of Service condition,\n Universal Cross-Site Scripting, or installation of an extension without\n user interaction.\n A remote attacker could also entice a user to install a specially\n crafted extension that would interfere with browser-issued web requests.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 23, "published": "2012-06-21T00:00:00", "title": "GLSA-201203-19 : Chromium: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3039", "CVE-2011-3043", "CVE-2011-3044", "CVE-2011-3031", "CVE-2011-3054", "CVE-2011-3055", "CVE-2011-3046", "CVE-2011-3033", "CVE-2011-3057", "CVE-2011-3038", "CVE-2011-3035", "CVE-2011-3053", "CVE-2011-3049", "CVE-2011-3036", "CVE-2011-3050", "CVE-2011-3052", "CVE-2011-3047", "CVE-2011-3041", "CVE-2011-3034", "CVE-2011-3056", "CVE-2011-3042", "CVE-2011-3051", "CVE-2011-3032", "CVE-2011-3037", "CVE-2011-3040"], "modified": "2012-06-21T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:chromium"], "id": "GENTOO_GLSA-201203-19.NASL", "href": "https://www.tenable.com/plugins/nessus/59611", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201203-19.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59611);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-3031\", \"CVE-2011-3032\", \"CVE-2011-3033\", \"CVE-2011-3034\", \"CVE-2011-3035\", \"CVE-2011-3036\", \"CVE-2011-3037\", \"CVE-2011-3038\", \"CVE-2011-3039\", \"CVE-2011-3040\", \"CVE-2011-3041\", \"CVE-2011-3042\", \"CVE-2011-3043\", \"CVE-2011-3044\", \"CVE-2011-3046\", \"CVE-2011-3047\", \"CVE-2011-3049\", \"CVE-2011-3050\", \"CVE-2011-3051\", \"CVE-2011-3052\", \"CVE-2011-3053\", \"CVE-2011-3054\", \"CVE-2011-3055\", \"CVE-2011-3056\", \"CVE-2011-3057\");\n script_bugtraq_id(52271, 52369, 52395, 52674);\n script_xref(name:\"GLSA\", value:\"201203-19\");\n\n script_name(english:\"GLSA-201203-19 : Chromium: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201203-19\n(Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium. Please review\n the CVE identifiers and release notes referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted web\n site using Chromium, possibly resulting in the execution of arbitrary\n code with the privileges of the process, a Denial of Service condition,\n Universal Cross-Site Scripting, or installation of an extension without\n user interaction.\n A remote attacker could also entice a user to install a specially\n crafted extension that would interfere with browser-issued web requests.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n # https://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8e2fd3b4\"\n );\n # https://googlechromereleases.blogspot.com/2012/03/chrome-stable-channel-update.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8a2c4f1c\"\n );\n # https://googlechromereleases.blogspot.com/2012/03/chrome-stable-update_10.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5476304f\"\n );\n # https://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d4e415e6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201203-19\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/chromium-17.0.963.83'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 17.0.963.83\"), vulnerable:make_list(\"lt 17.0.963.83\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2016-09-26T17:24:40", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3047"], "edition": 1, "description": "\nGoogle Chrome Releases reports:\n\n[117620] [117656] Critical CVE-2011-3047: Errant plug-in load and\n\t GPU process memory corruption. Credit to PinkiePie.\n\n", "modified": "2012-03-10T00:00:00", "published": "2012-03-10T00:00:00", "href": "https://vuxml.freebsd.org/freebsd/ab1f515d-6b69-11e1-8288-00262d5ed8ee.html", "id": "AB1F515D-6B69-11E1-8288-00262D5ED8EE", "title": "chromium -- Errant plug-in load and GPU process memory corruption", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "threatpost": [{"lastseen": "2018-10-06T23:03:34", "bulletinFamily": "info", "cvelist": ["CVE-2011-3046", "CVE-2011-3047"], "description": "[![Chrome patch](https://media.threatpost.com/wp-content/uploads/sites/103/2013/04/07065322/chrome_patch_new_13.jpg)](<https://threatpost.com/google-fixes-second-set-chrome-bugs-used-pwnium-contest-031212/>)Google has pushed out a patch for the second full sandbox escape exploit used in the Pwnium contest at CanSecWest. The Chrome vulnerabilities that the exploit targeted were discovered by an anonymous researcher who used the name PinkiePie and claimed a $60,000 reward from Google.\n\nThe attack that the researcher used included three separate vulnerabilities which he was able to string together to compromise Chrome. The researcher did not use his real name, but Google security officials at the conference said that they knew who he was and that he was well-respected in the security community. He had been working on the attack for a while and Google officials were unsure whether he\u2019d be able to complete before the Pwnium contest ended Friday afternoon.\n\nThe contest was created as a rival to the Pwn2Own contest at CanSecWest, which as been running for several years. Google officials said they were happy with the results of Pwnium, which attracted two full sandbox escapes in Chrome, and the contest could end up being expanded in future years.\n\n\u201cWe\u2019re delighted at the success of Pwnium and the ability to study full exploits. We anticipate landing additional changes and hardening measures for both CVE-2011-3046 and CVE-2011-3047 in the near future. We also believe that both submissions are works of art and deserve wider sharing and recognition. We plan to do technical reports on both Pwnium submissions in the future,\u201d [Jason Kersey of Google](<http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update_10.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+GoogleChromeReleases+%28Google+Chrome+Releases%29>) said in a blog post.\n\nGoogle patched the other [vulnerabilities used by researcher Sergey Glazunov](<https://threatpost.com/google-patches-chrome-bugs-used-pwnium-contest-030812/>) in the contest last week.\n", "modified": "2013-04-17T16:32:38", "published": "2012-03-12T11:54:19", "id": "THREATPOST:E683F6560B7A78E4C3A100FF90A9895A", "href": "https://threatpost.com/google-fixes-second-set-chrome-bugs-used-pwnium-contest-031212/76314/", "type": "threatpost", "title": "Google Fixes Second Set of Chrome Bugs Used in Pwnium Contest", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:52:15", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3039", "CVE-2011-3043", "CVE-2011-3044", "CVE-2011-3031", "CVE-2011-3046", "CVE-2011-3033", "CVE-2011-3038", "CVE-2011-3035", "CVE-2011-3036", "CVE-2011-3047", "CVE-2011-3041", "CVE-2011-3034", "CVE-2011-3042", "CVE-2011-3032", "CVE-2011-3037", "CVE-2011-3040"], "description": "Changes in chromium:\n - Update to 19.0.1066\n * Fixed Chrome install/update resets Google search\n preferences (Issue: 105390)\n * Don't trigger accelerated compositing on 3D CSS when\n using swiftshader (Issue: 116401)\n * Fixed a GPU crash (Issue: 116096)\n * More fixes for Back button frequently hangs (Issue:\n 93427)\n * Bastion now works (Issue: 116285)\n * Fixed Composited layer sorting irregularity with\n accelerated canvas (Issue: 102943)\n * Fixed Composited layer sorting irregularity with\n accelerated canvas (Issue: 102943)\n * Fixed Google Feedback causes render process to use too\n much memory (Issue: 114489)\n * Fixed after upgrade, some pages are rendered as blank\n (Issue: 109888)\n * Fixed Pasting text into a single-line text field\n shouldn't keep literal newlines (Issue: 106551)\n - Security Fixes:\n * Critical CVE-2011-3047: Errant plug-in load and GPU\n process memory corruption\n * Critical CVE-2011-3046: UXSS and bad history navigation.\n\n - Update to 19.0.1060\n * Fixed NTP signed in state is missing (Issue: 112676)\n * Fixed gmail seems to redraw itself (all white)\n occasionally (Issue: 111263)\n * Focus "OK" button on Javascript dialogs (Issue: 111015)\n * Fixed Back button frequently hangs (Issue: 93427)\n * Increase the buffer size to fix muted playback rate\n (Issue: 108239)\n * Fixed Empty span with line-height renders with non-zero\n height (Issue: 109811)\n * Marked the Certum Trusted Network CA as an issuer of\n extended-validation (EV) certificates.\n * Fixed importing of bookmarks, history, etc. from\n Firefox 10+.\n * Fixed issues - 114001, 110785, 114168, 114598, 111663,\n 113636, 112676\n * Fixed several crashes (Issues: 111376, 108688, 114391)\n * Fixed Firefox browser in Import Bookmarks and Settings\n drop-down (Issue: 114476)\n * Sync: Sessions aren't associating pre-existing tabs\n (Issue: 113319)\n * Fixed All "Extensions" make an entry under the "NTP\n Apps" page (Issue: 113672)\n - Security Fixes (bnc#750407):\n * High CVE-2011-3031: Use-after-free in v8 element\n wrapper.\n * High CVE-2011-3032: Use-after-free in SVG value\n handling.\n * High CVE-2011-3033: Buffer overflow in the Skia\n drawing library.\n * High CVE-2011-3034: Use-after-free in SVG document\n handling.\n * High CVE-2011-3035: Use-after-free in SVG use handling.\n * High CVE-2011-3036: Bad cast in line box handling.\n * High CVE-2011-3037: Bad casts in anonymous block\n splitting.\n * High CVE-2011-3038: Use-after-free in multi-column\n handling.\n * High CVE-2011-3039: Use-after-free in quote handling.\n * High CVE-2011-3040: Out-of-bounds read in text\n handling.\n * High CVE-2011-3041: Use-after-free in class attribute\n handling.\n * High CVE-2011-3042: Use-after-free in table section\n handling.\n * High CVE-2011-3043: Use-after-free in flexbox with\n floats.\n * High CVE-2011-3044: Use-after-free with SVG animation\n elements.\n\n Changes in v8:\n - Update to 3.9.13.0\n * Add code kind check before preparing for OSR. (issue\n 1900, 115073)\n * Pass zone explicitly to zone-allocation on x64 and ARM.\n (issue 1802)\n * Port string construct stub to x64. (issue 849)\n * Performance and stability improvements on all platforms.\n\n", "edition": 1, "modified": "2012-03-16T13:08:23", "published": "2012-03-16T13:08:23", "id": "OPENSUSE-SU-2012:0374-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00012.html", "type": "suse", "title": "update for chromium, v8 (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:53", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3039", "CVE-2011-3043", "CVE-2011-3044", "CVE-2011-3031", "CVE-2011-3054", "CVE-2011-3055", "CVE-2011-3046", "CVE-2011-3033", "CVE-2011-3057", "CVE-2011-3038", "CVE-2011-3035", "CVE-2011-3053", "CVE-2011-3049", "CVE-2011-3036", "CVE-2011-3050", "CVE-2011-3052", "CVE-2011-3047", "CVE-2011-3041", "CVE-2011-3034", "CVE-2011-3056", "CVE-2011-3042", "CVE-2011-3051", "CVE-2011-3032", "CVE-2011-3037", "CVE-2011-3040"], "description": "### Background\n\nChromium is an open source web browser project.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, a Denial of Service condition, Universal Cross-Site Scripting, or installation of an extension without user interaction. \n\nA remote attacker could also entice a user to install a specially crafted extension that would interfere with browser-issued web requests. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/chromium-17.0.963.83\"", "edition": 1, "modified": "2012-03-25T00:00:00", "published": "2012-03-25T00:00:00", "id": "GLSA-201203-19", "href": "https://security.gentoo.org/glsa/201203-19", "type": "gentoo", "title": "Chromium: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}

FreeBSD : chromium -- Errant plug-in load and GPU process memory corruption (ab1f515d-6b69-11e1-8288-00262d5ed8ee)

Description

Google Chrome Releases reports : [117620] [117656] Critical CVE-2011-3047: Errant plug-in load and GPU process memory corruption. Credit to PinkiePie.

Google Chrome Releases reports :

[117620] [117656] Critical CVE-2011-3047: Errant plug-in load and GPU process memory corruption. Credit to PinkiePie.