Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2022 Tenable Network Security, Inc.GOOGLE_CHROME_20_0_1132_43.NASL
HistoryJun 27, 2012 - 12:00 a.m.

Google Chrome < 20.0.1132.43 Multiple Vulnerabilities

2012-06-2700:00:00
This script is Copyright (C) 2012-2022 Tenable Network Security, Inc.
www.tenable.com
20
JSON

The version of Google Chrome installed on the remote host is earlier than 20.0.1132.43 and is, therefore, affected by the following vulnerabilities :

  • An error exists related to the loading of the ‘metro’ DLL. (CVE-2012-2764)

  • An error exists related to the leaking of iframe fragment id. (CVE-2012-2815)

  • An error exists that allows sandboxes to interfere with each other. (CVE-2012-2816)

  • Multiple use-after-free errors exist related to table section handling, counter layout, SVG resource handling, SVG painting, first-letter handling and SVG reference handling. (CVE-2012-2817, CVE-2012-2818, CVE-2012-2823, CVE-2012-2824, CVE-2012-2829, CVE-2012-2831)

  • An error exists related to texture handling that can cause application crashes. (CVE-2012-2819)

  • Out-of-bounds read errors exist related to SVG filter handling and texture conversion. (CVE-2012-2820, CVE-2012-2826)

  • An unspecified error exists related to autofill display actions. (CVE-2012-2821)

  • Several ‘OOB’ read issues exist related to PDF processing. (CVE-2012-2822)

  • A read error exists related to XSL handling.
    (CVE-2012-2825)

  • Several integer overflow issues exist related to PDF processing. (CVE-2012-2828)

  • A pointer issue exists related to the setting of array values. (CVE-2012-2830)

  • An uninitialized pointer issue exists related to the PDF image codec. (CVE-2012-2832)

  • A buffer overflow error exists related to the PDF JavaScript API. (CVE-2012-2833)

  • An integer overflow error exists related to the ‘Matroska’ container. (CVE-2012-2834)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(59735);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id(
    "CVE-2012-2764",
    "CVE-2012-2815",
    "CVE-2012-2816",
    "CVE-2012-2817",
    "CVE-2012-2818",
    "CVE-2012-2819",
    "CVE-2012-2820",
    "CVE-2012-2821",
    "CVE-2012-2822",
    "CVE-2012-2823",
    "CVE-2012-2824",
    "CVE-2012-2825",
    "CVE-2012-2826",
    "CVE-2012-2828",
    "CVE-2012-2829",
    "CVE-2012-2830",
    "CVE-2012-2831",
    "CVE-2012-2832",
    "CVE-2012-2833",
    "CVE-2012-2834"
  );
  script_bugtraq_id(54203, 54477);

  script_name(english:"Google Chrome < 20.0.1132.43 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote host contains a web browser that is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Google Chrome installed on the remote host is earlier
than 20.0.1132.43 and is, therefore, affected by the following
vulnerabilities :

  - An error exists related to the loading of the 'metro'
    DLL. (CVE-2012-2764)

  - An error exists related to the leaking of iframe
    fragment id. (CVE-2012-2815)

  - An error exists that allows sandboxes to interfere with
    each other. (CVE-2012-2816)

  - Multiple use-after-free errors exist related to table
    section handling, counter layout, SVG resource handling,
    SVG painting, first-letter handling and SVG reference
    handling. (CVE-2012-2817, CVE-2012-2818, CVE-2012-2823,
    CVE-2012-2824, CVE-2012-2829, CVE-2012-2831)

  - An error exists related to texture handling that can
    cause application crashes. (CVE-2012-2819)

  - Out-of-bounds read errors exist related to SVG
    filter handling and texture conversion. (CVE-2012-2820,
    CVE-2012-2826)

  - An unspecified error exists related to autofill display
    actions. (CVE-2012-2821)

  - Several 'OOB' read issues exist related to PDF
    processing. (CVE-2012-2822)

  - A read error exists related to XSL handling.
    (CVE-2012-2825)

  - Several integer overflow issues exist related to PDF
    processing. (CVE-2012-2828)

  - A pointer issue exists related to the setting of array
    values. (CVE-2012-2830)

  - An uninitialized pointer issue exists related to the
    PDF image codec. (CVE-2012-2832)

  - A buffer overflow error exists related to the PDF
    JavaScript API. (CVE-2012-2833)

  - An integer overflow error exists related to the
    'Matroska' container. (CVE-2012-2834)");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2012/Jul/93");
  # https://chromereleases.googleblog.com/2012/06/stable-channel-update_26.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?70ed3292");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Google Chrome 20.0.1132.43 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/06/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2012-2022 Tenable Network Security, Inc.");

  script_dependencies("google_chrome_installed.nasl");
  script_require_keys("SMB/Google_Chrome/Installed");

  exit(0);
}

include("google_chrome_version.inc");

get_kb_item_or_exit("SMB/Google_Chrome/Installed");

installs = get_kb_list("SMB/Google_Chrome/*");
google_chrome_check_version(installs:installs, fix:'20.0.1132.43', severity:SECURITY_HOLE);
VendorProductVersionCPE
googlechromecpe:/a:google:chrome

References

Related

openvas 35
threatpost 2
chrome 1
nessus 41
freebsd 1
gentoo 1
cve 21
debiancve 21
ubuntucve 19
prion 21
securityvulns 16
packetstorm 1
thn 1
android 1
fedora 3
oraclelinux 1
veracode 5
amazon 1
redhat 2
ubuntu 1
centos 1
vmware 3
openvas
openvas
Google Chrome Multiple Vulnerabilities (Jul 2012) - Windows
2012-07-04 00:00:00
Google Chrome Multiple Vulnerabilities - July 12 (Windows)
2012-07-04 00:00:00
Google Chrome Multiple Vulnerabilities - July 12 (Linux)
2012-07-04 00:00:00
threatpost
threatpost
Google Releases Chrome 20 With Fixes for 20 Security Vulnerabilities
2012-06-27 15:34:15
Apple Releases iOS 6.1 With Fixes for More Than 20 Vulnerabilities
2013-01-29 14:25:53
chrome
chrome
Stable Channel Update
2012-06-26 00:00:00
nessus
nessus
openSUSE Security Update : chromium / v8 (openSUSE-SU-2012:0813-1)
2014-06-13 00:00:00
FreeBSD : chromium -- multiple vulnerabilities (ff922811-c096-11e1-b0f4-00262d5ed8ee)
2012-06-28 00:00:00
Google Chrome < 20.0.1132.43 Multiple Vulnerabilities
2012-07-05 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2012-06-26 00:00:00
gentoo
gentoo
Chromium: Multiple vulnerabilities
2012-08-14 00:00:00
cve
cve
CVE-2012-2832
2012-06-27 10:18:00
CVE-2012-2822
2012-06-27 10:18:00
CVE-2012-2820
2012-06-27 10:18:00
debiancve
debiancve
CVE-2012-2823
2012-06-27 10:18:00
CVE-2012-2832
2012-06-27 10:18:00
CVE-2012-2822
2012-06-27 10:18:00
ubuntucve
ubuntucve
CVE-2012-2832
2012-06-27 00:00:00
CVE-2012-2823
2012-06-27 00:00:00
CVE-2012-2822
2012-06-27 00:00:00
prion
prion
Design/Logic Flaw
2012-06-27 10:18:00
Design/Logic Flaw
2012-06-27 10:18:00
Buffer overflow
2012-06-27 10:18:00
securityvulns
securityvulns
Google Chrome DLL spoofing
2012-07-23 00:00:00
Google Chrome 19 metro_driver.dll mishandling
2012-07-23 00:00:00
libxslt DoS
2012-07-30 00:00:00
packetstorm
packetstorm
Google Chrome 19 metro_driver.dll Mishandling
2012-07-17 00:00:00
thn
thn
RCSAndroid — Advanced Android Hacking Tool Leaked Online
2015-07-24 02:52:00
android
android
Android Browser Exploit WebKit
2011-02-22 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: libxslt-1.1.26-10.fc17
2012-09-26 09:11:57
[SECURITY] Fedora 18 Update: libxslt-1.1.27-2.fc18
2012-12-09 06:31:24
[SECURITY] Fedora 16 Update: libxslt-1.1.26-9.fc16
2012-09-27 04:27:12
oraclelinux
oraclelinux
libxslt security update
2012-09-13 00:00:00
veracode
veracode
Out-Of-Bounds Read
2019-05-02 04:43:13
Denial Of Service (DoS)
2019-05-02 04:43:13
Denial Of Service (DoS)
2019-05-02 04:43:13
amazon
amazon
Important: libxslt
2012-09-22 21:33:00
redhat
redhat
(RHSA-2012:1265) Important: libxslt security update
2012-09-13 00:00:00
(RHSA-2012:1325) Important: rhev-hypervisor6 security and bug fix update
2012-10-02 00:00:00
ubuntu
ubuntu
libxslt vulnerabilities
2012-10-04 00:00:00
centos
centos
libxslt security update
2012-09-13 18:02:29
vmware
vmware
VMware vSphere security updates for the authentication service and third party libraries
2013-01-31 00:00:00
VMware vSphere security updates for the authentication service and third party libraries
2013-01-31 00:00:00
VMware ESX updates to ESX Service Console
2012-04-26 00:00:00
JSON
Related for GOOGLE_CHROME_20_0_1132_43.NASL
openvas35threatpost2chrome1nessus41freebsd1gentoo1cve21debiancve21ubuntucve19prion21securityvulns16packetstorm1thn1android1fedora3oraclelinux1veracode5amazon1redhat2ubuntu1centos1vmware3