Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.GOOGLE_CHROME_19_0_1084_46.NASL
HistoryMay 16, 2012 - 12:00 a.m.

Google Chrome < 19.0.1084.46 Multiple Vulnerabilities

2012-05-1600:00:00
This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
JSON

The version of Google Chrome installed on the remote host is earlier than 19.0.1084.46 and is, therefore, affected by the following vulnerabilities :

  • Video content with FTP can cause crashes.
    (CVE-2011-3083)

  • Internal links are not loaded in their own process.
    (CVE-2011-3084)

  • Lengthy auto-filled values can corrupt the user interface. (CVE-2011-3085)

  • Use-after free errors exist related to style elements, table handling, indexed DBs, GTK ‘omnibox’ handling, and corrupt font encoding names related to PDF handling.
    (CVE-2011-3086, CVE-2011-3089, CVE-2011-3091, CVE-2011-3096, CVE-2011-3099)

  • An error exists related to windows navigation.
    (CVE-2011-3087)

  • Out-of-bounds read errors exist related to hairline drawing, glyph handling, Tibetan, OGG containers, PDF sampled functions and drawing dash paths.
    (CVE-2011-3088, CVE-2011-3093, CVE-2011-3094, CVE-2011-3095, CVE-2011-3097, CVE-2011-3100)

  • A race condition related to workers exists.
    (CVE-2011-3090)

  • An invalid write exists in the v8 regex processing.
    (CVE-2011-3092)

  • An error exists related to Windows Media Player plugin and the search path. (CVE-2011-3098)

  • An off-by-one out-of-bounds write error exists in libxml. (CVE-2011-3102)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(59117);
  script_version("1.14");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id(
    "CVE-2011-3083",
    "CVE-2011-3084",
    "CVE-2011-3085",
    "CVE-2011-3086",
    "CVE-2011-3087",
    "CVE-2011-3088",
    "CVE-2011-3089",
    "CVE-2011-3090",
    "CVE-2011-3091",
    "CVE-2011-3092",
    "CVE-2011-3093",
    "CVE-2011-3094",
    "CVE-2011-3095",
    "CVE-2011-3097",
    "CVE-2011-3098",
    "CVE-2011-3099",
    "CVE-2011-3100",
    "CVE-2011-3102"
  );
  script_bugtraq_id(53540, 53808);

  script_name(english:"Google Chrome < 19.0.1084.46 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote host contains a web browser that is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Google Chrome installed on the remote host is earlier
than 19.0.1084.46 and is, therefore, affected by the following
vulnerabilities :

  - Video content with FTP can cause crashes.
    (CVE-2011-3083)

  - Internal links are not loaded in their own process.
    (CVE-2011-3084)

  - Lengthy auto-filled values can corrupt the user
    interface. (CVE-2011-3085)

  - Use-after free errors exist related to style elements,
    table handling, indexed DBs, GTK 'omnibox' handling,
    and corrupt font encoding names related to PDF handling.
    (CVE-2011-3086, CVE-2011-3089, CVE-2011-3091,
    CVE-2011-3096, CVE-2011-3099)

  - An error exists related to windows navigation.
    (CVE-2011-3087)

  - Out-of-bounds read errors exist related to hairline
    drawing, glyph handling, Tibetan, OGG containers, PDF
    sampled functions and drawing dash paths.
    (CVE-2011-3088, CVE-2011-3093, CVE-2011-3094,
    CVE-2011-3095, CVE-2011-3097, CVE-2011-3100)

  - A race condition related to workers exists.
    (CVE-2011-3090)

  - An invalid write exists in the v8 regex processing.
    (CVE-2011-3092)

  - An error exists related to Windows Media Player plugin
    and the search path. (CVE-2011-3098)

  - An off-by-one out-of-bounds write error exists in
    libxml. (CVE-2011-3102)");
  # http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?57869300");
  # http://build.chromium.org/f/chromium/perf/dashboard/ui/changelog.html?url=/trunk/src&range=119867:129376&mode=html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ac840e6e");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Google Chrome 19.0.1084.46 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2011-3099");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/05/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/05/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("google_chrome_installed.nasl");
  script_require_keys("SMB/Google_Chrome/Installed");

  exit(0);
}

include("google_chrome_version.inc");

get_kb_item_or_exit("SMB/Google_Chrome/Installed");

installs = get_kb_list("SMB/Google_Chrome/*");
google_chrome_check_version(installs:installs, fix:'19.0.1084.46', severity:SECURITY_HOLE);
VendorProductVersionCPE
googlechromecpe:/a:google:chrome

References

Related

openvas 49
freebsd 2
nessus 42
threatpost 1
chrome 1
suse 4
gentoo 2
debiancve 18
msvr 1
ubuntucve 19
prion 19
cve 19
securityvulns 4
debian 1
veracode 1
ubuntu 2
redhat 4
amazon 1
centos 2
oraclelinux 3
fedora 2
vmware 2
openvas
openvas
Google Chrome Multiple Vulnerabilities - May 12 (Mac OS X)
2012-05-17 00:00:00
Google Chrome Multiple Vulnerabilities - May 12 (Windows)
2012-05-17 00:00:00
FreeBSD Ports: chromium
2012-05-31 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2012-05-15 00:00:00
libxml2 -- An off-by-one out-of-bounds write by XPointer
2012-05-15 00:00:00
nessus
nessus
FreeBSD : chromium -- multiple vulnerabilities (1449af37-9eba-11e1-b9c1-00262d5ed8ee)
2012-05-16 00:00:00
Google Chrome < 19.0.1084.46 Multiple Vulnerabilities
2012-05-17 00:00:00
Google Chrome < 19.0.1084.46 Multiple Vulnerabilities
2012-05-17 00:00:00
threatpost
threatpost
Google Releases Chrome 19, Fixes More Than 20 Bugs
2012-05-15 16:26:53
chrome
chrome
Stable Channel Update
2012-05-15 00:00:00
suse
suse
update for chromium, v8 (important)
2012-05-29 15:08:29
update for chromium, v8 (important)
2012-08-15 16:09:13
Security update for libxml2 (important)
2013-11-04 18:04:12
gentoo
gentoo
Chromium, V8: Multiple vulnerabilities
2012-05-21 00:00:00
libxml2: User-assisted execution of arbitrary code
2012-07-09 00:00:00
debiancve
debiancve
CVE-2011-3097
2012-05-16 00:55:00
CVE-2011-3098
2012-05-16 00:55:00
CVE-2011-3093
2012-05-16 00:55:00
msvr
msvr
Vulnerability in Google Chrome Could Allow Local Code Execution
2012-06-19 00:00:00
ubuntucve
ubuntucve
CVE-2011-3096
2012-05-16 00:00:00
CVE-2011-3091
2012-05-16 00:00:00
CVE-2011-3097
2012-05-16 00:00:00
prion
prion
Directory traversal
2012-05-16 00:55:00
Out-of-bounds
2012-05-16 00:55:00
Design/Logic Flaw
2012-05-16 00:55:00
cve
cve
CVE-2011-3098
2012-05-16 00:55:00
CVE-2011-3087
2012-05-16 00:55:00
CVE-2011-3097
2012-05-16 00:55:00
securityvulns
securityvulns
[ MDVSA-2012:098 ] libxml2
2012-06-24 00:00:00
libxml off-by-one
2012-06-24 00:00:00
APPLE-SA-2014-01-22-1 iTunes 11.1.4
2014-01-29 00:00:00
debian
debian
[SECURITY] [DSA 2479-1] libxml2 security update
2012-05-23 19:39:41
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:57:55
ubuntu
ubuntu
libxml2 vulnerability
2012-05-21 00:00:00
WebKit vulnerabilities
2012-10-25 00:00:00
redhat
redhat
(RHSA-2012:1288) Moderate: libxml2 security update
2012-09-18 00:00:00
(RHSA-2012:1324) Important: rhev-hypervisor5 security and bug fix update
2012-10-02 00:00:00
(RHSA-2013:0217) Important: mingw32-libxml2 security update
2013-01-31 00:00:00
amazon
amazon
Medium: libxml2
2012-10-15 12:20:00
centos
centos
libxml2 security update
2012-09-18 18:22:15
mingw32 security update
2013-02-01 00:53:30
oraclelinux
oraclelinux
libxml2 security update
2013-02-28 00:00:00
libxml2 security update
2012-09-18 00:00:00
mingw32-libxml2 security update
2013-01-31 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: libxml2-2.7.8-8.fc16
2012-09-27 04:35:19
[SECURITY] Fedora 17 Update: libxml2-2.7.8-9.fc17
2012-09-26 08:56:06
vmware
vmware
VMware vSphere security updates for the authentication service and third party libraries
2013-01-31 00:00:00
VMware vSphere security updates for the authentication service and third party libraries
2013-01-31 00:00:00
JSON
Related for GOOGLE_CHROME_19_0_1084_46.NASL
openvas49freebsd2nessus42threatpost1chrome1suse4gentoo2debiancve18msvr1ubuntucve19prion19cve19securityvulns4debian1veracode1ubuntu2redhat4amazon1centos2oraclelinux3fedora2vmware2