{"bulletinFamily": "scanner", "viewCount": 0, "naslFamily": "Gentoo Local Security Checks", "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "references": [], "description": "The remote host is missing updates announced in\nadvisory GLSA 201111-01.", "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "8b4605fbcffbdef3fb8b1eabc3b444db"}, {"key": "cvss", "hash": "2076413bdcb42307d016f5286cbae795"}, {"key": "description", "hash": "5f720038c848cbd7bcc8eac83bc80457"}, {"key": "href", "hash": "64b4d8240b657ec86f068a71c75016a1"}, {"key": "modified", "hash": "d89cc672a6266551218ef8145d1f22e2"}, {"key": "naslFamily", "hash": "cf18d881f0f76f23f322ed3f861d3616"}, {"key": "pluginID", "hash": "cdd3f176df2ea23c9762b19c10858a82"}, {"key": "published", "hash": "9fd3138155f9fd2d0447777c5154aeef"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "e34e2f978e4314ac3276e0e621a2704e"}, {"key": "sourceData", "hash": "09d6fb417038d65335f0ae053ed77e2e"}, {"key": "title", "hash": "3549fe06cb33978ea2215eaf43a85ee0"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "href": "http://plugins.openvas.org/nasl.php?oid=70790", "modified": "2017-07-07T00:00:00", "objectVersion": "1.3", "enchantments": {"score": {"value": 8.4, "vector": "NONE", "modified": "2017-07-24T12:50:58"}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:802263", "OPENVAS:802264", "OPENVAS:802262", "OPENVAS:1361412562310802264", "OPENVAS:1361412562310802263", "OPENVAS:902628", "OPENVAS:1361412562310802262", "OPENVAS:902627", "OPENVAS:1361412562310902628", "OPENVAS:1361412562310902629"]}, {"type": "threatpost", "idList": ["THREATPOST:319601D0EE38C0A8BD8C8EAD0F901F59", "THREATPOST:56C48F4F377030474FAECBFB9640D3FB", "THREATPOST:EFA18C0B8DDA565F15F18AD6D27B898B"]}, {"type": "nessus", "idList": ["GOOGLE_CHROME_15_0_874_102.NASL", "GOOGLE_CHROME_14_0_835_163.NASL", "GENTOO_GLSA-201111-01.NASL", "GOOGLE_CHROME_12_0_742_112.NASL", "FREEBSD_PKG_6887828F022911E0B84D00262D5ED8EE.NASL", "SUSE_11_3_LIBXML2-111201.NASL", "SUSE_11_4_LIBXML2-111201.NASL", "SUSE_11_LIBXML2-111201.NASL", "MANDRIVA_MDVSA-2011-145.NASL", "SAFARI_5_1_4.NASL"]}, {"type": "gentoo", "idList": ["GLSA-201111-01"]}, {"type": "cve", "idList": ["CVE-2011-2349", "CVE-2011-2350", "CVE-2011-2346", "CVE-2011-2854", "CVE-2011-2345", "CVE-2011-2862", "CVE-2011-3890", "CVE-2011-2856", "CVE-2011-2844", "CVE-2011-2859"]}, {"type": "freebsd", "idList": ["6887828F-0229-11E0-B84D-00262D5ED8EE"]}, {"type": "seebug", "idList": ["SSV:72187", "SSV:20968"]}, {"type": "exploitdb", "idList": ["EDB-ID:17929"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11744", "SECURITYVULNS:DOC:27741"]}], "modified": "2017-07-24T12:50:58"}, "vulnersScore": 8.4}, "id": "OPENVAS:70790", "title": "Gentoo Security Advisory GLSA 201111-01 (chromium v8)", "hash": "2df2271e71e903abe53b88584e04f673e8fa85b4385823a2258fcd87fee831c2", "edition": 2, "published": "2012-02-12T00:00:00", "type": "openvas", "history": [{"lastseen": "2017-07-02T21:10:46", "bulletin": {"hash": "525da9d386db4844e8726b7edf01590f4f2aed1c994156fe150e997e5ec82bc2", "viewCount": 0, "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "references": [], "description": "The remote host is missing updates announced in\nadvisory GLSA 201111-01.", "hashmap": [{"key": "cvss", "hash": "2076413bdcb42307d016f5286cbae795"}, {"key": "href", "hash": "64b4d8240b657ec86f068a71c75016a1"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "ac79630d1390466794385c2ba9d795e4"}, {"key": "cvelist", "hash": "8b4605fbcffbdef3fb8b1eabc3b444db"}, {"key": "pluginID", "hash": "cdd3f176df2ea23c9762b19c10858a82"}, {"key": "sourceData", "hash": "217ec64802e32be2795e05508b4e7530"}, {"key": "title", "hash": "3549fe06cb33978ea2215eaf43a85ee0"}, {"key": "description", "hash": "5f720038c848cbd7bcc8eac83bc80457"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "reporter", "hash": "e34e2f978e4314ac3276e0e621a2704e"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "published", "hash": "9fd3138155f9fd2d0447777c5154aeef"}, {"key": "naslFamily", "hash": "cf18d881f0f76f23f322ed3f861d3616"}], "naslFamily": "Gentoo Local Security Checks", "modified": "2017-04-21T00:00:00", "objectVersion": "1.3", "href": "http://plugins.openvas.org/nasl.php?oid=70790", "published": "2012-02-12T00:00:00", "enchantments": {}, "id": "OPENVAS:70790", "title": "Gentoo Security Advisory GLSA 201111-01 (chromium v8)", "bulletinFamily": "scanner", "edition": 1, "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been reported in Chromium and V8,\n some of which may allow execution of arbitrary code and local root\n privilege escalation.\";\ntag_solution = \"All Chromium users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/chromium-15.0.874.102'\n \n\nAll V8 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/v8-3.5.10.22'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201111-01\nhttp://bugs.gentoo.org/show_bug.cgi?id=351525\nhttp://bugs.gentoo.org/show_bug.cgi?id=353626\nhttp://bugs.gentoo.org/show_bug.cgi?id=354121\nhttp://bugs.gentoo.org/show_bug.cgi?id=356933\nhttp://bugs.gentoo.org/show_bug.cgi?id=357963\nhttp://bugs.gentoo.org/show_bug.cgi?id=358581\nhttp://bugs.gentoo.org/show_bug.cgi?id=360399\nhttp://bugs.gentoo.org/show_bug.cgi?id=363629\nhttp://bugs.gentoo.org/show_bug.cgi?id=365125\nhttp://bugs.gentoo.org/show_bug.cgi?id=366335\nhttp://bugs.gentoo.org/show_bug.cgi?id=367013\nhttp://bugs.gentoo.org/show_bug.cgi?id=368649\nhttp://bugs.gentoo.org/show_bug.cgi?id=370481\nhttp://bugs.gentoo.org/show_bug.cgi?id=373451\nhttp://bugs.gentoo.org/show_bug.cgi?id=373469\nhttp://bugs.gentoo.org/show_bug.cgi?id=377475\nhttp://bugs.gentoo.org/show_bug.cgi?id=377629\nhttp://bugs.gentoo.org/show_bug.cgi?id=380311\nhttp://bugs.gentoo.org/show_bug.cgi?id=380897\nhttp://bugs.gentoo.org/show_bug.cgi?id=381713\nhttp://bugs.gentoo.org/show_bug.cgi?id=383251\nhttp://bugs.gentoo.org/show_bug.cgi?id=385649\nhttp://bugs.gentoo.org/show_bug.cgi?id=388461\nhttp://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html\nhttp://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates.html\nhttp://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html\nhttp://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html\nhttp://googlechromereleases.blogspot.com/2011/05/beta-and-stable-channel-update.html\nhttp://googlechromereleases.blogspot.com/2011/05/stable-channel-update.html\nhttp://googlechromereleases.blogspot.com/2011/05/stable-channel-update_24.html\nhttp://googlechromereleases.blogspot.com/2011/06/stable-channel-update_28.html\nhttp://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html\nhttp://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html\nhttp://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html\nhttp://googlechromereleases.blogspot.com/2011/09/stable-channel-update.html\nhttp://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html\nhttp://googlechromereleases.blogspot.com/2011/10/stable-channel-update.html\nhttp://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html\nhttp://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html\nhttp://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html\nhttp://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html\nhttp://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201111-01.\";\n\n \n \nif(description)\n{\n script_id(70790);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-2345\", \"CVE-2011-2346\", \"CVE-2011-2347\", \"CVE-2011-2348\", \"CVE-2011-2349\", \"CVE-2011-2350\", \"CVE-2011-2351\", \"CVE-2011-2834\", \"CVE-2011-2835\", \"CVE-2011-2837\", \"CVE-2011-2838\", \"CVE-2011-2839\", \"CVE-2011-2840\", \"CVE-2011-2841\", \"CVE-2011-2843\", \"CVE-2011-2844\", \"CVE-2011-2845\", \"CVE-2011-2846\", \"CVE-2011-2847\", \"CVE-2011-2848\", \"CVE-2011-2849\", \"CVE-2011-2850\", \"CVE-2011-2851\", \"CVE-2011-2852\", \"CVE-2011-2853\", \"CVE-2011-2854\", \"CVE-2011-2855\", \"CVE-2011-2856\", \"CVE-2011-2857\", \"CVE-2011-2858\", \"CVE-2011-2859\", \"CVE-2011-2860\", \"CVE-2011-2861\", \"CVE-2011-2862\", \"CVE-2011-2864\", \"CVE-2011-2874\", \"CVE-2011-3234\", \"CVE-2011-3873\", \"CVE-2011-3875\", \"CVE-2011-3876\", \"CVE-2011-3877\", \"CVE-2011-3878\", \"CVE-2011-3879\", \"CVE-2011-3880\", \"CVE-2011-3881\", \"CVE-2011-3882\", \"CVE-2011-3883\", \"CVE-2011-3884\", \"CVE-2011-3885\", \"CVE-2011-3886\", \"CVE-2011-3887\", \"CVE-2011-3888\", \"CVE-2011-3889\", \"CVE-2011-3890\", \"CVE-2011-3891\");\n script_version(\"$Revision: 5999 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-21 11:02:32 +0200 (Fri, 21 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 10:04:40 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201111-01 (chromium v8)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"login/SSH/success\", \"ssh/login/gentoo\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"www-client/chromium\", unaffected: make_list(\"ge 15.0.874.102\"), vulnerable: make_list(\"lt 15.0.874.102\"))) != NULL ) {\n report += res;\n}\nif((res = ispkgvuln(pkg:\"dev-lang/v8\", unaffected: make_list(\"ge 3.5.10.22\"), vulnerable: make_list(\"lt 3.5.10.22\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "type": "openvas", "history": [], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvelist": ["CVE-2011-3880", "CVE-2011-2861", "CVE-2011-2855", "CVE-2011-2850", "CVE-2011-2852", "CVE-2011-2851", "CVE-2011-2839", "CVE-2011-3234", "CVE-2011-2840", "CVE-2011-2845", "CVE-2011-3881", "CVE-2011-2838", "CVE-2011-2349", "CVE-2011-2848", "CVE-2011-2345", "CVE-2011-2874", "CVE-2011-3882", "CVE-2011-2350", "CVE-2011-2351", "CVE-2011-2346", "CVE-2011-3884", "CVE-2011-3888", "CVE-2011-2853", "CVE-2011-2862", "CVE-2011-2846", "CVE-2011-2849", "CVE-2011-2860", "CVE-2011-3877", "CVE-2011-3890", "CVE-2011-2859", "CVE-2011-2856", "CVE-2011-3886", "CVE-2011-2347", "CVE-2011-3885", "CVE-2011-2844", "CVE-2011-2864", "CVE-2011-2837", "CVE-2011-3876", "CVE-2011-2835", "CVE-2011-3873", "CVE-2011-2834", "CVE-2011-3891", "CVE-2011-2847", "CVE-2011-3878", "CVE-2011-3875", "CVE-2011-3883", "CVE-2011-3879", "CVE-2011-2858", "CVE-2011-2841", "CVE-2011-3889", "CVE-2011-2348", "CVE-2011-3887", "CVE-2011-2857", "CVE-2011-2854", "CVE-2011-2843"], "lastseen": "2017-07-02T21:10:46", "pluginID": "70790"}, "differentElements": ["modified", "sourceData"], "edition": 1}], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvelist": ["CVE-2011-3880", "CVE-2011-2861", "CVE-2011-2855", "CVE-2011-2850", "CVE-2011-2852", "CVE-2011-2851", "CVE-2011-2839", "CVE-2011-3234", "CVE-2011-2840", "CVE-2011-2845", "CVE-2011-3881", "CVE-2011-2838", "CVE-2011-2349", "CVE-2011-2848", "CVE-2011-2345", "CVE-2011-2874", "CVE-2011-3882", "CVE-2011-2350", "CVE-2011-2351", "CVE-2011-2346", "CVE-2011-3884", "CVE-2011-3888", "CVE-2011-2853", "CVE-2011-2862", "CVE-2011-2846", "CVE-2011-2849", "CVE-2011-2860", "CVE-2011-3877", "CVE-2011-3890", "CVE-2011-2859", "CVE-2011-2856", "CVE-2011-3886", "CVE-2011-2347", "CVE-2011-3885", "CVE-2011-2844", "CVE-2011-2864", "CVE-2011-2837", "CVE-2011-3876", "CVE-2011-2835", "CVE-2011-3873", "CVE-2011-2834", "CVE-2011-3891", "CVE-2011-2847", "CVE-2011-3878", "CVE-2011-3875", "CVE-2011-3883", "CVE-2011-3879", "CVE-2011-2858", "CVE-2011-2841", "CVE-2011-3889", "CVE-2011-2348", "CVE-2011-3887", "CVE-2011-2857", "CVE-2011-2854", "CVE-2011-2843"], "lastseen": "2017-07-24T12:50:58", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been reported in Chromium and V8,\n some of which may allow execution of arbitrary code and local root\n privilege escalation.\";\ntag_solution = \"All Chromium users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/chromium-15.0.874.102'\n \n\nAll V8 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/v8-3.5.10.22'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201111-01\nhttp://bugs.gentoo.org/show_bug.cgi?id=351525\nhttp://bugs.gentoo.org/show_bug.cgi?id=353626\nhttp://bugs.gentoo.org/show_bug.cgi?id=354121\nhttp://bugs.gentoo.org/show_bug.cgi?id=356933\nhttp://bugs.gentoo.org/show_bug.cgi?id=357963\nhttp://bugs.gentoo.org/show_bug.cgi?id=358581\nhttp://bugs.gentoo.org/show_bug.cgi?id=360399\nhttp://bugs.gentoo.org/show_bug.cgi?id=363629\nhttp://bugs.gentoo.org/show_bug.cgi?id=365125\nhttp://bugs.gentoo.org/show_bug.cgi?id=366335\nhttp://bugs.gentoo.org/show_bug.cgi?id=367013\nhttp://bugs.gentoo.org/show_bug.cgi?id=368649\nhttp://bugs.gentoo.org/show_bug.cgi?id=370481\nhttp://bugs.gentoo.org/show_bug.cgi?id=373451\nhttp://bugs.gentoo.org/show_bug.cgi?id=373469\nhttp://bugs.gentoo.org/show_bug.cgi?id=377475\nhttp://bugs.gentoo.org/show_bug.cgi?id=377629\nhttp://bugs.gentoo.org/show_bug.cgi?id=380311\nhttp://bugs.gentoo.org/show_bug.cgi?id=380897\nhttp://bugs.gentoo.org/show_bug.cgi?id=381713\nhttp://bugs.gentoo.org/show_bug.cgi?id=383251\nhttp://bugs.gentoo.org/show_bug.cgi?id=385649\nhttp://bugs.gentoo.org/show_bug.cgi?id=388461\nhttp://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html\nhttp://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates.html\nhttp://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html\nhttp://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html\nhttp://googlechromereleases.blogspot.com/2011/05/beta-and-stable-channel-update.html\nhttp://googlechromereleases.blogspot.com/2011/05/stable-channel-update.html\nhttp://googlechromereleases.blogspot.com/2011/05/stable-channel-update_24.html\nhttp://googlechromereleases.blogspot.com/2011/06/stable-channel-update_28.html\nhttp://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html\nhttp://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html\nhttp://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html\nhttp://googlechromereleases.blogspot.com/2011/09/stable-channel-update.html\nhttp://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html\nhttp://googlechromereleases.blogspot.com/2011/10/stable-channel-update.html\nhttp://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html\nhttp://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html\nhttp://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html\nhttp://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html\nhttp://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201111-01.\";\n\n \n \nif(description)\n{\n script_id(70790);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-2345\", \"CVE-2011-2346\", \"CVE-2011-2347\", \"CVE-2011-2348\", \"CVE-2011-2349\", \"CVE-2011-2350\", \"CVE-2011-2351\", \"CVE-2011-2834\", \"CVE-2011-2835\", \"CVE-2011-2837\", \"CVE-2011-2838\", \"CVE-2011-2839\", \"CVE-2011-2840\", \"CVE-2011-2841\", \"CVE-2011-2843\", \"CVE-2011-2844\", \"CVE-2011-2845\", \"CVE-2011-2846\", \"CVE-2011-2847\", \"CVE-2011-2848\", \"CVE-2011-2849\", \"CVE-2011-2850\", \"CVE-2011-2851\", \"CVE-2011-2852\", \"CVE-2011-2853\", \"CVE-2011-2854\", \"CVE-2011-2855\", \"CVE-2011-2856\", \"CVE-2011-2857\", \"CVE-2011-2858\", \"CVE-2011-2859\", \"CVE-2011-2860\", \"CVE-2011-2861\", \"CVE-2011-2862\", \"CVE-2011-2864\", \"CVE-2011-2874\", \"CVE-2011-3234\", \"CVE-2011-3873\", \"CVE-2011-3875\", \"CVE-2011-3876\", \"CVE-2011-3877\", \"CVE-2011-3878\", \"CVE-2011-3879\", \"CVE-2011-3880\", \"CVE-2011-3881\", \"CVE-2011-3882\", \"CVE-2011-3883\", \"CVE-2011-3884\", \"CVE-2011-3885\", \"CVE-2011-3886\", \"CVE-2011-3887\", \"CVE-2011-3888\", \"CVE-2011-3889\", \"CVE-2011-3890\", \"CVE-2011-3891\");\n script_version(\"$Revision: 6593 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:18:14 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 10:04:40 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201111-01 (chromium v8)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"www-client/chromium\", unaffected: make_list(\"ge 15.0.874.102\"), vulnerable: make_list(\"lt 15.0.874.102\"))) != NULL ) {\n report += res;\n}\nif((res = ispkgvuln(pkg:\"dev-lang/v8\", unaffected: make_list(\"ge 3.5.10.22\"), vulnerable: make_list(\"lt 3.5.10.22\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "pluginID": "70790"}

{"nessus": [{"lastseen": "2019-02-21T01:15:33", "bulletinFamily": "scanner", "description": "The version of Google Chrome installed on the remote host is earlier than 15.0.874.102. It therefore is potentially affected by the following vulnerabilities :\n\n - Several URL bar spoofing errors exist related to history handling and drag-and-drop of URLs.\n (CVE-2011-2845, CVE-2011-3875)\n\n - Whitespace is stripped from the end of download filenames. (CVE-2011-3876)\n\n - A cross-site scripting issue exists related to the 'appcache' internals page. (CVE-2011-3877)\n\n - A race condition exists related to working process initialization. (CVE-2011-3878)\n\n - An error exists related to redirection to 'chrome scheme' URIs. (CVE-2011-3879)\n\n - Unspecified special characters may be used as delimiters in HTTP headers. (CVE-2011-3880)\n\n - Several cross-origin policy violation issues exist.\n (CVE-2011-3881)\n\n - Several use-after-free errors exist related to media buffer handling, counter handling, stale styles, plugins and editing, and video source handling.\n (CVE-2011-3882, CVE-2011-3883, CVE-2011-3885, CVE-2011-3888, CVE-2011-3890)\n\n - Timing issues exist related to DOM traversal.\n (CVE-2011-3884)\n\n - An out-of-bounds write error exists in the V8 JavaScript engine. (CVE-2011-3886)\n\n - Cookie theft is possible via JavaScript URIs.\n (CVE-2011-3887)\n\n - A heap overflow issue exists related to Web Audio.\n (CVE-2011-3889)\n\n - Functions internal to the V8 JavaScript engine are exposed. (CVE-2011-3891)", "modified": "2018-11-15T00:00:00", "id": "GOOGLE_CHROME_15_0_874_102.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56650", "published": "2011-10-26T00:00:00", "title": "Google Chrome < 15.0.874.102 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56650);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/11/15 20:50:26\");\n\n script_cve_id(\n \"CVE-2011-2845\",\n \"CVE-2011-3875\",\n \"CVE-2011-3876\",\n \"CVE-2011-3877\",\n \"CVE-2011-3878\",\n \"CVE-2011-3879\",\n \"CVE-2011-3880\",\n \"CVE-2011-3881\",\n \"CVE-2011-3882\",\n \"CVE-2011-3883\",\n \"CVE-2011-3884\",\n \"CVE-2011-3885\",\n \"CVE-2011-3886\",\n \"CVE-2011-3887\",\n \"CVE-2011-3888\",\n \"CVE-2011-3889\",\n \"CVE-2011-3890\",\n \"CVE-2011-3891\"\n );\n script_bugtraq_id(50360);\n\n script_name(english:\"Google Chrome < 15.0.874.102 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version number of Google Chrome\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by multiple\nvulnerabilities.\");\n\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote host is earlier\nthan 15.0.874.102. It therefore is potentially affected by the\nfollowing vulnerabilities :\n\n - Several URL bar spoofing errors exist related to\n history handling and drag-and-drop of URLs.\n (CVE-2011-2845, CVE-2011-3875)\n\n - Whitespace is stripped from the end of download\n filenames. (CVE-2011-3876)\n\n - A cross-site scripting issue exists related to the\n 'appcache' internals page. (CVE-2011-3877)\n\n - A race condition exists related to working process\n initialization. (CVE-2011-3878)\n\n - An error exists related to redirection to 'chrome\n scheme' URIs. (CVE-2011-3879)\n\n - Unspecified special characters may be used as\n delimiters in HTTP headers. (CVE-2011-3880)\n\n - Several cross-origin policy violation issues exist.\n (CVE-2011-3881)\n\n - Several use-after-free errors exist related to media\n buffer handling, counter handling, stale styles,\n plugins and editing, and video source handling.\n (CVE-2011-3882, CVE-2011-3883, CVE-2011-3885,\n CVE-2011-3888, CVE-2011-3890)\n\n - Timing issues exist related to DOM traversal.\n (CVE-2011-3884)\n\n - An out-of-bounds write error exists in the V8\n JavaScript engine. (CVE-2011-3886)\n\n - Cookie theft is possible via JavaScript URIs.\n (CVE-2011-3887)\n\n - A heap overflow issue exists related to Web Audio.\n (CVE-2011-3889)\n\n - Functions internal to the V8 JavaScript engine are\n exposed. (CVE-2011-3891)\");\n # https://chromereleases.googleblog.com/2011/10/chrome-stable-release.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c70534ff\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Google Chrome 15.0.874.102 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\n\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\ngoogle_chrome_check_version(installs:installs, fix:'15.0.874.102', xss:TRUE, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:15:23", "bulletinFamily": "scanner", "description": "The version of Google Chrome installed on the remote host is earlier than 14.0.835.163 and is affected by multiple vulnerabilities:\n\n - A race condition exists related to the certificate cache. (Issue #49377)\n\n - The Windows Media Player plugin allows click-free access to the system Flash. (Issue #51464)\n\n - MIME types are not treated authoritatively at plugin load time. (Issue #75070)\n\n - An unspecified error allows V8 script object wrappers to crash. (Issue #76771)\n\n - The included PDF functionality contains a garbage collection error. (Issue #78639)\n\n - Out-of-bounds read issues exist related to media buffers, mp3 files, box handling, Khmer characters, video handling, Tibetan characters, and triangle arrays. (Issues #82438, #85041, #89991, #90134, #90173, #95563, #95625)\n\n - An unspecified error allows data displayed in the URL to be spoofed. (Issue #83031)\n\n - Use-after-free errors exist related to unload event handling, the document loader, plugin handling, ruby, table style handling, and the focus controller.\n (Issues #89219, #89330, #91197, #92651, #94800, #93420, #93587)\n\n - The URL bar can be spoofed in an unspecified manner related to the forward button. (Issue #89564)\n\n - An NULL pointer error exists related to WebSockets.\n (Issue #89795)\n\n - An off-by-one error exists related to the V8 JavaScript engine. (Issue #91120)\n\n - A stale node error exists related to CSS stylesheet handling. (Issue #92959)\n\n - A cross-origin bypass error exists related to the V8 JavaScript engine. (Issue #93416)\n\n - A double-free error exists related to XPath handling in libxml. (Issue #93472)\n\n - Incorrect permissions are assigned to non-gallery pages. (Issue #93497)\n\n - An improper string read occurs in the included PDF functionality. (Issue #93596)\n\n - An unspecified error allows unintended access to objects built in to the V8 JavaScript engine.\n (Issue #93906)\n\n - Self-signed certificates are not pinned properly.\n (Issue #95917)\n\n - A variable-type confusion issue exists in the V8 JavaScript engine related to object sealing.\n (Issue #95920)", "modified": "2018-11-15T00:00:00", "id": "GOOGLE_CHROME_14_0_835_163.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56230", "published": "2011-09-19T00:00:00", "title": "Google Chrome < 14.0.835.163 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56230);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/11/15 20:50:26\");\n\n script_cve_id(\n \"CVE-2011-2830\",\n \"CVE-2011-2834\",\n \"CVE-2011-2835\",\n \"CVE-2011-2836\",\n \"CVE-2011-2838\",\n \"CVE-2011-2839\",\n \"CVE-2011-2840\",\n \"CVE-2011-2841\",\n \"CVE-2011-2843\",\n \"CVE-2011-2844\",\n \"CVE-2011-2846\",\n \"CVE-2011-2847\",\n \"CVE-2011-2848\",\n \"CVE-2011-2849\",\n \"CVE-2011-2850\",\n \"CVE-2011-2851\",\n \"CVE-2011-2852\",\n \"CVE-2011-2853\",\n \"CVE-2011-2854\",\n \"CVE-2011-2855\",\n \"CVE-2011-2856\",\n \"CVE-2011-2857\",\n \"CVE-2011-2858\",\n \"CVE-2011-2859\",\n \"CVE-2011-2860\",\n \"CVE-2011-2861\",\n \"CVE-2011-2862\",\n \"CVE-2011-2864\",\n \"CVE-2011-2874\",\n \"CVE-2011-2875\",\n \"CVE-2011-3234\"\n );\n script_bugtraq_id(49658, 49933);\n script_xref(name:\"EDB-ID\", value:\"17929\");\n\n script_name(english:\"Google Chrome < 14.0.835.163 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version number of Google Chrome\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote host is earlier\nthan 14.0.835.163 and is affected by multiple vulnerabilities:\n\n - A race condition exists related to the certificate\n cache. (Issue #49377)\n\n - The Windows Media Player plugin allows click-free\n access to the system Flash. (Issue #51464)\n\n - MIME types are not treated authoritatively at plugin\n load time. (Issue #75070)\n\n - An unspecified error allows V8 script object wrappers\n to crash. (Issue #76771)\n\n - The included PDF functionality contains a garbage\n collection error. (Issue #78639)\n\n - Out-of-bounds read issues exist related to media\n buffers, mp3 files, box handling, Khmer characters,\n video handling, Tibetan characters, and triangle\n arrays. (Issues #82438, #85041, #89991, #90134, #90173,\n #95563, #95625)\n\n - An unspecified error allows data displayed in the URL\n to be spoofed. (Issue #83031)\n\n - Use-after-free errors exist related to unload event\n handling, the document loader, plugin handling, ruby,\n table style handling, and the focus controller.\n (Issues #89219, #89330, #91197, #92651, #94800, #93420,\n #93587)\n\n - The URL bar can be spoofed in an unspecified manner\n related to the forward button. (Issue #89564)\n\n - An NULL pointer error exists related to WebSockets.\n (Issue #89795)\n\n - An off-by-one error exists related to the V8 JavaScript\n engine. (Issue #91120)\n\n - A stale node error exists related to CSS stylesheet\n handling. (Issue #92959)\n\n - A cross-origin bypass error exists related to the V8\n JavaScript engine. (Issue #93416)\n\n - A double-free error exists related to XPath handling\n in libxml. (Issue #93472)\n\n - Incorrect permissions are assigned to non-gallery\n pages. (Issue #93497)\n\n - An improper string read occurs in the included PDF\n functionality. (Issue #93596)\n\n - An unspecified error allows unintended access to\n objects built in to the V8 JavaScript engine.\n (Issue #93906)\n\n - Self-signed certificates are not pinned properly.\n (Issue #95917)\n\n - A variable-type confusion issue exists in the V8\n JavaScript engine related to object sealing.\n (Issue #95920)\");\n # https://chromereleases.googleblog.com/2011/09/stable-channel-update_16.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?642ea0af\");\n\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Google Chrome 14.0.835.163 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/09/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\n\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\ngoogle_chrome_check_version(installs:installs, fix:'14.0.835.163', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:15:35", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201111-01 (Chromium, V8: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details.\n Impact :\n\n A local attacker could gain root privileges (CVE-2011-1444, fixed in chromium-11.0.696.57).\n A context-dependent attacker could entice a user to open a specially crafted website or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process, or a Denial of Service condition. The attacker also could obtain cookies and other sensitive information, conduct man-in-the-middle attacks, perform address bar spoofing, bypass the same origin policy, perform Cross-Site Scripting attacks, or bypass pop-up blocks.\n Workaround :\n\n There is no known workaround at this time.", "modified": "2018-07-12T00:00:00", "id": "GENTOO_GLSA-201111-01.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56686", "published": "2011-11-02T00:00:00", "title": "GLSA-201111-01 : Chromium, V8: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201111-01.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56686);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/07/12 15:01:52\");\n\n script_cve_id(\"CVE-2011-2345\", \"CVE-2011-2346\", \"CVE-2011-2347\", \"CVE-2011-2348\", \"CVE-2011-2349\", \"CVE-2011-2350\", \"CVE-2011-2351\", \"CVE-2011-2834\", \"CVE-2011-2835\", \"CVE-2011-2837\", \"CVE-2011-2838\", \"CVE-2011-2839\", \"CVE-2011-2840\", \"CVE-2011-2841\", \"CVE-2011-2843\", \"CVE-2011-2844\", \"CVE-2011-2845\", \"CVE-2011-2846\", \"CVE-2011-2847\", \"CVE-2011-2848\", \"CVE-2011-2849\", \"CVE-2011-2850\", \"CVE-2011-2851\", \"CVE-2011-2852\", \"CVE-2011-2853\", \"CVE-2011-2854\", \"CVE-2011-2855\", \"CVE-2011-2856\", \"CVE-2011-2857\", \"CVE-2011-2858\", \"CVE-2011-2859\", \"CVE-2011-2860\", \"CVE-2011-2861\", \"CVE-2011-2862\", \"CVE-2011-2864\", \"CVE-2011-2874\", \"CVE-2011-3234\", \"CVE-2011-3873\", \"CVE-2011-3875\", \"CVE-2011-3876\", \"CVE-2011-3877\", \"CVE-2011-3878\", \"CVE-2011-3879\", \"CVE-2011-3880\", \"CVE-2011-3881\", \"CVE-2011-3882\", \"CVE-2011-3883\", \"CVE-2011-3884\", \"CVE-2011-3885\", \"CVE-2011-3886\", \"CVE-2011-3887\", \"CVE-2011-3888\", \"CVE-2011-3889\", \"CVE-2011-3890\", \"CVE-2011-3891\");\n script_bugtraq_id(48479, 49279, 49658, 49933, 49938, 50360);\n script_xref(name:\"GLSA\", value:\"201111-01\");\n\n script_name(english:\"GLSA-201111-01 : Chromium, V8: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201111-01\n(Chromium, V8: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and V8. Please\n review the CVE identifiers and release notes referenced below for\n details.\n \nImpact :\n\n A local attacker could gain root privileges (CVE-2011-1444, fixed in\n chromium-11.0.696.57).\n A context-dependent attacker could entice a user to open a specially\n crafted website or JavaScript program using Chromium or V8, possibly\n resulting in the execution of arbitrary code with the privileges of the\n process, or a Denial of Service condition. The attacker also could obtain\n cookies and other sensitive information, conduct man-in-the-middle\n attacks, perform address bar spoofing, bypass the same origin policy,\n perform Cross-Site Scripting attacks, or bypass pop-up blocks.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n # https://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8cdd12e7\"\n );\n # https://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6d45fe3d\"\n );\n # https://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1d9aa975\"\n );\n # https://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0d205a23\"\n );\n # https://googlechromereleases.blogspot.com/2011/05/beta-and-stable-channel-update.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?33508fb4\"\n );\n # https://googlechromereleases.blogspot.com/2011/05/stable-channel-update.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a5032235\"\n );\n # https://googlechromereleases.blogspot.com/2011/05/stable-channel-update_24.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5fef5430\"\n );\n # https://googlechromereleases.blogspot.com/2011/06/stable-channel-update_28.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?65e7cd39\"\n );\n # https://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?28c7fa49\"\n );\n # https://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a91c1365\"\n );\n # https://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?84523741\"\n );\n # https://googlechromereleases.blogspot.com/2011/09/stable-channel-update.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b277c372\"\n );\n # https://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5c02fa14\"\n );\n # https://googlechromereleases.blogspot.com/2011/10/stable-channel-update.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?02dd0c90\"\n );\n # https://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6e75d665\"\n );\n # https://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e0400292\"\n );\n # https://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7535a0a5\"\n );\n # https://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6a566189\"\n );\n # https://googlechromereleases.blogspot.com/2011/02/stable-channel-update_08.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d3b8dc2a\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201111-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-15.0.874.102'\n All V8 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/v8-3.5.10.22'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:v8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 15.0.874.102\"), vulnerable:make_list(\"lt 15.0.874.102\"))) flag++;\nif (qpkg_check(package:\"dev-lang/v8\", unaffected:make_list(\"ge 3.5.10.22\"), vulnerable:make_list(\"lt 3.5.10.22\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium / V8\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:15:07", "bulletinFamily": "scanner", "description": "The version of Google Chrome installed on the remote host is earlier than 12.0.742.112. As such, it is affected by the following vulnerabilities :\n\n - An out-of-bounds read in NPAPI string handling exists.\n (Issue #77493)\n\n - A use-after-free issue exists in SVG font handling.\n (Issue #84355)\n\n - A memory corruption issue exists in CSS parsing.\n (Issue #85003)\n\n - Multiple lifetime and re-entrancy issues exist in the HTML parser. (Issue #85102)\n\n - A bad bounds check exists in v8. (Issue #85177)\n\n - A use-after-free issue exists with the SVG use element.\n (Issue #85211)\n\n - A use-after-free issue exists in text selection.\n (Issue #85418)", "modified": "2018-11-15T00:00:00", "id": "GOOGLE_CHROME_12_0_742_112.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55460", "published": "2011-06-29T00:00:00", "title": "Google Chrome < 12.0.742.112 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55460);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/15 20:50:26\");\n\n script_cve_id(\n \"CVE-2011-2345\",\n \"CVE-2011-2346\",\n \"CVE-2011-2347\",\n \"CVE-2011-2348\",\n \"CVE-2011-2349\",\n \"CVE-2011-2350\",\n \"CVE-2011-2351\"\n );\n script_bugtraq_id(48479);\n\n script_name(english:\"Google Chrome < 12.0.742.112 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version number of Google Chrome\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote host is earlier\nthan 12.0.742.112. As such, it is affected by the following\nvulnerabilities :\n\n - An out-of-bounds read in NPAPI string handling exists.\n (Issue #77493)\n\n - A use-after-free issue exists in SVG font handling.\n (Issue #84355)\n\n - A memory corruption issue exists in CSS parsing.\n (Issue #85003)\n\n - Multiple lifetime and re-entrancy issues exist in the\n HTML parser. (Issue #85102)\n\n - A bad bounds check exists in v8. (Issue #85177)\n\n - A use-after-free issue exists with the SVG use element.\n (Issue #85211)\n\n - A use-after-free issue exists in text selection.\n (Issue #85418)\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c67e17fe\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Google Chrome 12.0.742.112 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/06/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\n\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\ngoogle_chrome_check_version(installs:installs, fix:'12.0.742.112', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:14:13", "bulletinFamily": "scanner", "description": "Google Chrome Releases reports :\n\nFixed in 15.0.874.121 : [103259] High CVE-2011-3900: Out-of-bounds write in v8. Credit to Christian Holler.\n\nFixed in 15.0.874.120 : [100465] High CVE-2011-3892: Double free in Theora decoder. Credit to Aki Helin of OUSPG. [100492] [100543] Medium CVE-2011-3893: Out of bounds reads in MKV and Vorbis media handlers.\nCredit to Aki Helin of OUSPG. [101172] High CVE-2011-3894: Memory corruption regression in VP8 decoding. Credit to Andrew Scherkus of the Chromium development community. [101458] High CVE-2011-3895: Heap overflow in Vorbis decoder. Credit to Aki Helin of OUSPG. [101624] High CVE-2011-3896: Buffer overflow in shader variable mapping. Credit to Ken 'strcpy' Russell of the Chromium development community.\n[102242] High CVE-2011-3897: Use-after-free in editing. Credit to pa_kt reported through ZDI (ZDI-CAN-1416). [102461] Low CVE-2011-3898:\nFailure to ask for permission to run applets in JRE7. Credit to Google Chrome Security Team (Chris Evans).\n\nFixed in 15.0.874.102 : [86758] High CVE-2011-2845: URL bar spoof in history handling. Credit to Jordi Chancel. [88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs. Credit to Jordi Chancel. [90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of download filenames. Credit to Marc Novak. [91218] Low CVE-2011-3877: XSS in appcache internals page. Credit to Google Chrome Security Team (Tom Sepez) plus independent discovery by Juho Nurminen.\n[94487] Medium CVE-2011-3878: Race condition in worker process initialization. Credit to miaubiz. [95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs. Credit to Masato Kinugawa. [95992] Low CVE-2011-3880: Don't permit as a HTTP header delimiter. Credit to Vladimir Vorontsov, ONsec company. [96047] [96885] [98053] [99512] [99750] High CVE-2011-3881 : Cross-origin policy violations. Credit to Sergey Glazunov. [96292] High CVE-2011-3882: Use-after-free in media buffer handling. Credit to Google Chrome Security Team (Inferno).\n[96902] High CVE-2011-3883: Use-after-free in counter handling. Credit to miaubiz. [97148] High CVE-2011-3884: Timing issues in DOM traversal. Credit to Brian Ryner of the Chromium development community. [97599] [98064] [98556] [99294] [99880] [100059] High CVE-2011-3885 : Stale style bugs leading to use-after-free. Credit to miaubiz. [98773] [99167] High CVE-2011-3886: Out of bounds writes in v8. Credit to Christian Holler. [98407] Medium CVE-2011-3887: Cookie theft with javascript URIs. Credit to Sergey Glazunov. [99138] High CVE-2011-3888: Use-after-free with plug-in and editing. Credit to miaubiz. [99211] High CVE-2011-3889: Heap overflow in Web Audio.\nCredit to miaubiz. [99553] High CVE-2011-3890: Use-after-free in video source handling. Credit to Ami Fischman of the Chromium development community. [100332] High CVE-2011-3891: Exposure of internal v8 functions. Credit to Steven Keuchel of the Chromium development community plus independent discovery by Daniel Divricean.\n\nFixed in 14.0.835.202 : [93788] High CVE-2011-2876: Use-after-free in text line box handling. Credit to miaubiz. [95072] High CVE-2011-2877:\nStale font in SVG text handling. Credit to miaubiz. [95671] High CVE-2011-2878: Inappropriate cross-origin access to the window prototype. Credit to Sergey Glazunov. [96150] High CVE-2011-2879:\nLifetime and threading issues in audio node handling. Credit to Google Chrome Security Team (Inferno). [97451] [97520] [97615] High CVE-2011-2880: Use-after-free in the v8 bindings. Credit to Sergey Glazunov. [97784] High CVE-2011-2881: Memory corruption with v8 hidden objects. Credit to Sergey Glazunov. [98089] Critical CVE-2011-3873:\nMemory corruption in shader translator. Credit to Zhenyao Mo of the Chromium development community.\n\nFixed in 14.0.835.163 : [49377] High CVE-2011-2835: Race condition in the certificate cache. Credit to Ryan Sleevi of the Chromium development community. [51464] Low CVE-2011-2836: Infobar the Windows Media Player plug-in to avoid click-free access to the system Flash.\nCredit to electronixtar. [Linux only] [57908] Low CVE-2011-2837: Use PIC / pie compiler flags. Credit to wbrana. [75070] Low CVE-2011-2838:\nTreat MIME type more authoritatively when loading plug-ins. Credit to Michal Zalewski of the Google Security Team. [76771] High CVE-2011-2839: Crash in v8 script object wrappers. Credit to Kostya Serebryany of the Chromium development community. [78427] [83031] Low CVE-2011-2840: Possible URL bar spoofs with unusual user interaction.\nCredit to kuzzcc. [78639] High CVE-2011-2841: Garbage collection error in PDF. Credit to Mario Gomes. [82438] Medium CVE-2011-2843:\nOut-of-bounds read with media buffers. Credit to Kostya Serebryany of the Chromium development community. [85041] Medium CVE-2011-2844:\nOut-of-bounds read with mp3 files. Credit to Mario Gomes. [89219] High CVE-2011-2846: Use-after-free in unload event handling. Credit to Arthur Gerkis. [89330] High CVE-2011-2847: Use-after-free in document loader. Credit to miaubiz. [89564] Medium CVE-2011-2848: URL bar spoof with forward button. Credit to Jordi Chancel. [89795] Low CVE-2011-2849: Browser NULL pointer crash with WebSockets. Credit to Arthur Gerkis. [89991] Medium CVE-2011-3234: Out-of-bounds read in box handling. Credit to miaubiz. [90134] Medium CVE-2011-2850:\nOut-of-bounds read with Khmer characters. Credit to miaubiz. [90173] Medium CVE-2011-2851: Out-of-bounds read in video handling. Credit to Google Chrome Security Team (Inferno). [91120] High CVE-2011-2852:\nOff-by-one in v8. Credit to Christian Holler. [91197] High CVE-2011-2853: Use-after-free in plug-in handling. Credit to Google Chrome Security Team (SkyLined). [92651] [94800] High CVE-2011-2854:\nUse-after-free in ruby / table style handing. Credit to Slawomir Blazek, and independent later discoveries by miaubiz and Google Chrome Security Team (Inferno). [92959] High CVE-2011-2855: Stale node in stylesheet handling. Credit to Arthur Gerkis. [93416] High CVE-2011-2856: Cross-origin bypass in v8. Credit to Daniel Divricean.\n[93420] High CVE-2011-2857: Use-after-free in focus controller. Credit to miaubiz. [93472] High CVE-2011-2834: Double free in libxml XPath handling. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences. [93497] Medium CVE-2011-2859: Incorrect permissions assigned to non-gallery pages. Credit to Bernhard 'Bruhns' Brehm of Recurity Labs. [93587] High CVE-2011-2860: Use-after-free in table style handling. Credit to miaubiz. [93596] Medium CVE-2011-2861:\nBad string read in PDF. Credit to Aki Helin of OUSPG. [93906] High CVE-2011-2862: Unintended access to v8 built-in objects. Credit to Sergey Glazunov. [95563] Medium CVE-2011-2864: Out-of-bounds read with Tibetan characters. Credit to Google Chrome Security Team (Inferno).\n[95625] Medium CVE-2011-2858: Out-of-bounds read with triangle arrays.\nCredit to Google Chrome Security Team (Inferno). [95917] Low CVE-2011-2874: Failure to pin a self-signed cert for a session. Credit to Nishant Yadant of VMware and Craig Chamberlain (@randomuserid).\nHigh CVE-2011-2875: Type confusion in v8 object sealing. Credit to Christian Holler.\n\nFixed in 13.0.782.215 : [89402] High CVE-2011-2821: Double free in libxml XPath handling. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences. [82552] High CVE-2011-2823:\nUse-after-free in line box handling. Credit to Google Chrome Security Team (SkyLined) and independent later discovery by miaubiz. [88216] High CVE-2011-2824: Use-after-free with counter nodes. Credit to miaubiz. [88670] High CVE-2011-2825: Use-after-free with custom fonts.\nCredit to wushi of team509 reported through ZDI (ZDI-CAN-1283), plus indepdendent later discovery by miaubiz. [87453] High CVE-2011-2826:\nCross-origin violation with empty origins. Credit to Sergey Glazunov.\n[90668] High CVE-2011-2827: Use-after-free in text searching. Credit to miaubiz. [91517] High CVE-2011-2828: Out-of-bounds write in v8.\nCredit to Google Chrome Security Team (SkyLined). [32-bit only] [91598] High CVE-2011-2829: Integer overflow in uniform arrays. Credit to Sergey Glazunov. [Linux only] [91665] High CVE-2011-2839: Buggy memset() in PDF. Credit to Aki Helin of OUSPG.\n\nFixed in 13.0.782.107 : [75821] Medium CVE-2011-2358: Always confirm an extension install via a browser dialog. Credit to Sergey Glazunov.\n[78841] High CVE-2011-2359: Stale pointer due to bad line box tracking in rendering. Credit to miaubiz and Martin Barbella. [79266] Low CVE-2011-2360: Potential bypass of dangerous file prompt. Credit to kuzzcc. [79426] Low CVE-2011-2361: Improve designation of strings in the basic auth dialog. Credit to kuzzcc. [Linux only] [81307] Medium CVE-2011-2782: File permissions error with drag and drop. Credit to Evan Martin of the Chromium development community. [83273] Medium CVE-2011-2783: Always confirm a developer mode NPAPI extension install via a browser dialog. Credit to Sergey Glazunov. [83841] Low CVE-2011-2784: Local file path disclosure via GL program log. Credit to kuzzcc. [84402] Low CVE-2011-2785: Sanitize the homepage URL in extensions. Credit to kuzzcc. [84600] Low CVE-2011-2786: Make sure the speech input bubble is always on-screen. Credit to Olli Pettay of Mozilla. [84805] Medium CVE-2011-2787: Browser crash due to GPU lock re-entrancy issue. Credit to kuzzcc. [85559] Low CVE-2011-2788: Buffer overflow in inspector serialization. Credit to Mikolaj Malecki.\n[85808] Medium CVE-2011-2789: Use after free in Pepper plug-in instantiation. Credit to Mario Gomes and kuzzcc. [86502] High CVE-2011-2790: Use-after-free with floating styles. Credit to miaubiz.\n[86900] High CVE-2011-2791: Out-of-bounds write in ICU. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences. [87148] High CVE-2011-2792: Use-after-free with float removal. Credit to miaubiz. [87227] High CVE-2011-2793: Use-after-free in media selectors. Credit to miaubiz. [87298] Medium CVE-2011-2794:\nOut-of-bounds read in text iteration. Credit to miaubiz. [87339] Medium CVE-2011-2795: Cross-frame function leak. Credit to Shih Wei-Long. [87548] High CVE-2011-2796: Use-after-free in Skia. Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany of the Chromium development community. [87729] High CVE-2011-2797:\nUse-after-free in resource caching. Credit to miaubiz. [87815] Low CVE-2011-2798: Prevent a couple of internal schemes from being web accessible. Credit to sirdarckcat of the Google Security Team. [87925] High CVE-2011-2799: Use-after-free in HTML range handling. Credit to miaubiz. [88337] Medium CVE-2011-2800: Leak of client-side redirect target. Credit to Juho Nurminen. [88591] High CVE-2011-2802: v8 crash with const lookups. Credit to Christian Holler. [88827] Medium CVE-2011-2803: Out-of-bounds read in Skia paths. Credit to Google Chrome Security Team (Inferno). [88846] High CVE-2011-2801:\nUse-after-free in frame loader. Credit to miaubiz. [88889] High CVE-2011-2818: Use-after-free in display box rendering. Credit to Martin Barbella. [89142] High CVE-2011-2804: PDF crash with nested functions. Credit to Aki Helin of OUSPG. [89520] High CVE-2011-2805:\nCross-origin script injection. Credit to Sergey Glazunov. [90222] High CVE-2011-2819: Cross-origin violation in base URI handling. Credit to Sergey Glazunov.\n\nFixed in 12.0.742.112 : [77493] Medium CVE-2011-2345: Out-of-bounds read in NPAPI string handling. Credit to Philippe Arteau. [84355] High CVE-2011-2346: Use-after-free in SVG font handling. Credit to miaubiz.\n[85003] High CVE-2011-2347: Memory corruption in CSS parsing. Credit to miaubiz. [85102] High CVE-2011-2350: Lifetime and re-entrancy issues in the HTML parser. Credit to miaubiz. [85177] High CVE-2011-2348: Bad bounds check in v8. Credit to Aki Helin of OUSPG.\n[85211] High CVE-2011-2351: Use-after-free with SVG use element.\nCredit to miaubiz. [85418] High CVE-2011-2349: Use-after-free in text selection. Credit to miaubiz.\n\nFixed in 12.0.742.91 : [73962] [79746] High CVE-2011-1808:\nUse-after-free due to integer issues in float handling. Credit to miaubiz. [75496] Medium CVE-2011-1809: Use-after-free in accessibility support. Credit to Google Chrome Security Team (SkyLined). [75643] Low CVE-2011-1810: Visit history information leak in CSS. Credit to Jesse Mohrland of Microsoft and Microsoft Vulnerability Research (MSVR).\n[76034] Low CVE-2011-1811: Browser crash with lots of form submissions. Credit to 'DimitrisV22'. [77026] Medium CVE-2011-1812:\nExtensions permission bypass. Credit to kuzzcc. [78516] High CVE-2011-1813: Stale pointer in extension framework. Credit to Google Chrome Security Team (Inferno). [79362] Medium CVE-2011-1814: Read from uninitialized pointer. Credit to Eric Roman of the Chromium development community. [79862] Low CVE-2011-1815: Extension script injection into new tab page. Credit to kuzzcc. [80358] Medium CVE-2011-1816: Use-after-free in developer tools. Credit to kuzzcc.\n[81916] Medium CVE-2011-1817: Browser memory corruption in history deletion. Credit to Collin Payne. [81949] High CVE-2011-1818:\nUse-after-free in image loader. Credit to miaubiz. [83010] Medium CVE-2011-1819: Extension injection into chrome:// pages. Credit to Vladislavas Jarmalis, plus subsequent independent discovery by Sergey Glazunov. [83275] High CVE-2011-2332: Same origin bypass in v8. Credit to Sergey Glazunov. [83743] High CVE-2011-2342: Same origin bypass in DOM. Credit to Sergey Glazunov.\n\nFixed in 11.0.696.71 : [72189] Low CVE-2011-1801: Pop-up blocker bypass. Credit to Chamal De Silva. [82546] High CVE-2011-1804: Stale pointer in floats rendering. Credit to Martin Barbella. [82873] Critical CVE-2011-1806: Memory corruption in GPU command buffer.\nCredit to Google Chrome Security Team (Cris Neckar). [82903] Critical CVE-2011-1807: Out-of-bounds write in blob handling. Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany of the Chromium development community.\n\nFixed in 11.0.696.68 : [64046] High CVE-2011-1799: Bad casts in Chromium WebKit glue. Credit to Google Chrome Security Team (SkyLined). [80608] High CVE-2011-1800: Integer overflows in SVG filters. Credit to Google Chrome Security Team (Cris Neckar).\n\nFixed in 11.0.696.57 : [61502] High CVE-2011-1303: Stale pointer in floating object handling. Credit to Scott Hess of the Chromium development community and Martin Barbella. [70538] Low CVE-2011-1304:\nPop-up block bypass via plug-ins. Credit to Chamal De Silva. [Linux / Mac only] [70589] Medium CVE-2011-1305: Linked-list race in database handling. Credit to Kostya Serebryany of the Chromium development community. [71586] Medium CVE-2011-1434: Lack of thread safety in MIME handling. Credit to Aki Helin. [72523] Medium CVE-2011-1435: Bad extension with 'tabs' permission can capture local files. Credit to Cole Snodgrass. [Linux only] [72910] Low CVE-2011-1436: Possible browser crash due to bad interaction with X. Credit to miaubiz.\n[73526] High CVE-2011-1437: Integer overflows in float rendering.\nCredit to miaubiz. [74653] High CVE-2011-1438: Same origin policy violation with blobs. Credit to kuzzcc. [Linux only] [74763] High CVE-2011-1439: Prevent interference between renderer processes. Credit to Julien Tinnes of the Google Security Team. [75186] High CVE-2011-1440: Use-after-free with <ruby> tag and CSS. Credit to Jose A. Vazquez. [75347] High CVE-2011-1441: Bad cast with floating select lists. Credit to Michael Griffiths. [75801] High CVE-2011-1442:\nCorrupt node trees with mutation events. Credit to Sergey Glazunov and wushi of team 509. [76001] High CVE-2011-1443: Stale pointers in layering code. Credit to Martin Barbella. [Linux only] [76542] High CVE-2011-1444: Race condition in sandbox launcher. Credit to Dan Rosenberg. Medium CVE-2011-1445: Out-of-bounds read in SVG. Credit to wushi of team509. [76666] [77507] [78031] High CVE-2011-1446: Possible URL bar spoofs with navigation errors and interrupted loads. Credit to kuzzcc. [76966] High CVE-2011-1447: Stale pointer in drop-down list handling. Credit to miaubiz. [77130] High CVE-2011-1448: Stale pointer in height calculations. Credit to wushi of team509. [77346] High CVE-2011-1449: Use-after-free in WebSockets. Credit to Marek Majkowski. Low CVE-2011-1450: Dangling pointers in file dialogs.\nCredit to kuzzcc. [77463] High CVE-2011-1451: Dangling pointers in DOM id map. Credit to Sergey Glazunov. [77786] Medium CVE-2011-1452: URL bar spoof with redirect and manual reload. Credit to Jordi Chancel.\n[79199] High CVE-2011-1454: Use-after-free in DOM id handling. Credit to Sergey Glazunov. [79361] Medium CVE-2011-1455: Out-of-bounds read with multipart-encoded PDF. Credit to Eric Roman of the Chromium development community. [79364] High CVE-2011-1456: Stale pointers with PDF forms. Credit to Eric Roman of the Chromium development community.\n\nFixed in 10.0.648.205 : [75629] Critical CVE-2011-1301: Use-after-free in the GPU process. Credit to Google Chrome Security Team (Inferno).\n[78524] Critical CVE-2011-1302: Heap overflow in the GPU process.\nCredit to Christoph Diehl.\n\nFixed in 10.0.648.204 : [72517] High CVE-2011-1291: Buffer error in base string handling. Credit to Alex Turpin. [73216] High CVE-2011-1292: Use-after-free in the frame loader. Credit to Slawomir Blazek. [73595] High CVE-2011-1293: Use-after-free in HTMLCollection.\nCredit to Sergey Glazunov. [74562] High CVE-2011-1294: Stale pointer in CSS handling. Credit to Sergey Glazunov. [74991] High CVE-2011-1295: DOM tree corruption with broken node parentage. Credit to Sergey Glazunov. [75170] High CVE-2011-1296: Stale pointer in SVG text handling. Credit to Sergey Glazunov.\n\nFixed in 10.0.648.133 : [75712] High Memory corruption in style handling. Credit to Vincenzo Iozzo, Ralf Philipp Weinmann and Willem Pinckaers reported through ZDI.\n\nFixed in 10.0.648.127 : [42765] Low Possible to navigate or close the top location in a sandboxed frame. Credit to sirdarckcat of the Google Security Team. [Linux only] [49747] Low Work around an X server bug and crash with long messages. Credit to Louis Lang. [Linux only] [66962] Low Possible browser crash with parallel print()s. Credit to Aki Helin of OUSPG. [69187] Medium Cross-origin error message leak.\nCredit to Daniel Divricean. [69628] High Memory corruption with counter nodes. Credit to Martin Barbella. [70027] High Stale node in box layout. Credit to Martin Barbella. [70336] Medium Cross-origin error message leak with workers. Credit to Daniel Divricean. [70442] High Use after free with DOM URL handling. Credit to Sergey Glazunov.\n[Linux only] [70779] Medium Out of bounds read handling unicode ranges. Credit to miaubiz. [70877] High Same origin policy bypass in v8. Credit to Daniel Divricean. [70885] [71167] Low Pop-up blocker bypasses. Credit to Chamal de Silva. [71763] High Use-after-free in document script lifetime handling. Credit to miaubiz. [71788] High Out-of-bounds write in the OGG container. Credit to Google Chrome Security Team (SkyLined); plus subsequent independent discovery by David Weston of Microsoft and MSVR. [72028] High Stale pointer in table painting. Credit to Martin Barbella. [73026] High Use of corrupt out-of-bounds structure in video code. Credit to Tavis Ormandy of the Google Security Team. [73066] High Crash with the DataView object.\nCredit to Sergey Glazunov. [73134] High Bad cast in text rendering.\nCredit to miaubiz. [73196] High Stale pointer in WebKit context code.\nCredit to Sergey Glazunov. [73716] Low Leak of heap address in XSLT.\nCredit to Google Chrome Security Team (Chris Evans). [73746] High Stale pointer with SVG cursors. Credit to Sergey Glazunov. [74030] High DOM tree corruption with attribute handling. Credit to Sergey Glazunov. [74662] High Corruption via re-entrancy of RegExp code.\nCredit to Christian Holler. [74675] High Invalid memory access in v8.\nCredit to Christian Holler.\n\nFixed in 9.0.597.107 : [54262] High URL bar spoof. Credit to Jordi Chancel. [63732] High Crash with JavaScript dialogs. Credit to Sergey Radchenko. [68263] High Stylesheet node stale pointer. Credit to Sergey Glazunov. [68741] High Stale pointer with key frame rule.\nCredit to Sergey Glazunov. [70078] High Crash with forms controls.\nCredit to Stefan van Zanden. [70244] High Crash in SVG rendering.\nCredit to Slawomir Blazek. [64-bit Linux only] [70376] Medium Out-of-bounds read in pickle deserialization. Credit to Evgeniy Stepanov of the Chromium development community. [71114] High Stale node in table handling. Credit to Martin Barbella. [71115] High Stale pointer in table rendering. Credit to Martin Barbella. [71296] High Stale pointer in SVG animations. Credit to miaubiz. [71386] High Stale nodes in XHTML. Credit to wushi of team509. [71388] High Crash in textarea handling. Credit to wushi of team509. [71595] High Stale pointer in device orientation. Credit to Sergey Glazunov. [71717] Medium Out-of-bounds read in WebGL. Credit to miaubiz. [71855] High Integer overflow in textarea handling. Credit to miaubiz. [71960] Medium Out-of-bounds read in WebGL. Credit to Google Chrome Security Team (Inferno). [72214] High Accidental exposure of internal extension functions. Credit to Tavis Ormandy of the Google Security Team.\n[72437] High Use-after-free with blocked plug-ins. Credit to Chamal de Silva. [73235] High Stale pointer in layout. Credit to Martin Barbella.\n\nFixed in 9.0.597.94 : [67234] High Stale pointer in animation event handling. Credit to Rik Cabanier. [68120] High Use-after-free in SVG font faces. Credit to miaubiz. [69556] High Stale pointer with anonymous block handling. Credit to Martin Barbella. [69970] Medium Out-of-bounds read in plug-in handling. Credit to Bill Budge of Google. [70456] Medium Possible failure to terminate process on out-of-memory condition. Credit to David Warren of CERT/CC.\n\nFixed in 9.0.597.84 : [Mac only] [42989] Low Minor sandbox leak via stat(). Credit to Daniel Cheng of the Chromium development community.\n[55831] High Use-after-free in image loading. Credit to Aki Helin of OUSPG. [59081] Low Apply some restrictions to cross-origin drag + drop. Credit to Google Chrome Security Team (SkyLined) and the Google Security Team (Michal Zalewski, David Bloom). [62791] Low Browser crash with extension with missing key. Credit to Brian Kirchoff.\n[64051] High Crashing when printing in PDF event handler. Credit to Aki Helin of OUSPG. [65669] Low Handle merging of autofill profiles more gracefully. Credit to Google Chrome Security Team (Inferno). [Mac only] [66931] Low Work around a crash in the Mac OS 10.5 SSL libraries. Credit to Dan Morrison. [68244] Low Browser crash with bad volume setting. Credit to Matthew Heidermann. [69195] Critical Race condition in audio handling. Credit to the gamers of Reddit!\n\nFixed in 8.0.552.237 : [58053] Medium Browser crash in extensions notification handling. Credit to Eric Roman of the Chromium development community. [65764] High Bad pointer handling in node iteration. Credit to Sergey Glazunov. [66334] High Crashes when printing multi-page PDFs. Credit to Google Chrome Security Team (Chris Evans). [66560] High Stale pointer with CSS + canvas. Credit to Sergey Glazunov. [66748] High Stale pointer with CSS + cursors. Credit to Jan Tosovsk. [67100] High Use after free in PDF page handling. Credit to Google Chrome Security Team (Chris Evans). [67208] High Stack corruption after PDF out-of-memory condition. Credit to Jared Allar of CERT. [67303] High Bad memory access with mismatched video frame sizes. Credit to Aki Helin of OUSPG; plus independent discovery by Google Chrome Security Team (SkyLined) and David Warren of CERT.\n[67363] High Stale pointer with SVG use element. Credited anonymously;\nplus indepdent discovery by miaubiz. [67393] Medium Uninitialized pointer in the browser triggered by rogue extension. Credit to kuzzcc.\n[68115] High Vorbis decoder buffer overflows. Credit to David Warren of CERT. [68170] High Buffer overflow in PDF shading. Credit to Aki Helin of OUSPG. [68178] High Bad cast in anchor handling. Credit to Sergey Glazunov. [68181] High Bad cast in video handling. Credit to Sergey Glazunov. [68439] High Stale rendering node after DOM node removal. Credit to Martin Barbella; plus independent discovery by Google Chrome Security Team (SkyLined). [68666] Critical Stale pointer in speech handling. Credit to Sergey Glazunov.\n\nFixed in 8.0.552.224 : [64-bit Linux only] [56449] High Bad validation for message deserialization on 64-bit builds. Credit to Lei Zhang of the Chromium development community. [60761] Medium Bad extension can cause browser crash in tab handling. Credit to kuzzcc. [63529] Low Browser crash with NULL pointer in web worker handling. Credit to Nathan Weizenbaum of Google. [63866] Medium Out-of-bounds read in CSS parsing. Credit to Chris Rohlf. [64959] High Stale pointers in cursor handling. Credit to Slawomir Blazek and Sergey Glazunov.\n\nFixed in 8.0.552.215 : [17655] Low Possible pop-up blocker bypass.\nCredit to Google Chrome Security Team (SkyLined). [55745] Medium Cross-origin video theft with canvas. Credit to Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR). [56237] Low Browser crash with HTML5 databases. Credit to Google Chrome Security Team (Inferno).\n[58319] Low Prevent excessive file dialogs, possibly leading to browser crash. Credit to Cezary Tomczak (gosu.pl). [59554] High Use after free in history handling. Credit to Stefan Troger. [Linux / Mac] [59817] Medium Make sure the 'dangerous file types' list is uptodate with the Windows platforms. Credit to Billy Rios of the Google Security Team. [61701] Low Browser crash with HTTP proxy authentication. Credit to Mohammed Bouhlel. [61653] Medium Out-of-bounds read regression in WebM video support. Credit to Google Chrome Security Team (Chris Evans), based on earlier testcases from Mozilla and Microsoft (MSVR). [62127] High Crash due to bad indexing with malformed video. Credit to miaubiz. [62168] Medium Possible browser memory corruption via malicious privileged extension. Credit to kuzzcc. [62401] High Use after free with SVG animations. Credit to Slawomir Blazek. [63051] Medium Use after free in mouse dragging event handling. Credit to kuzzcc. [63444] High Double free in XPath handling. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences.\n\nFixed in 7.0.517.44 : [51602] High Use-after-free in text editing.\nCredit to David Bloom of the Google Security Team, Google Chrome Security Team (Inferno) and Google Chrome Security Team (Cris Neckar).\n[55257] High Memory corruption with enormous text area. Credit to wushi of team509. [58657] High Bad cast with the SVG use element.\nCredit to the kuzzcc. [58731] High Invalid memory read in XPath handling. Credit to Bui Quang Minh from Bkis (www.bkis.com). [58741] High Use-after-free in text control selections. Credit to 'vkouchna'.\n[Linux only] [59320] High Integer overflows in font handling. Credit to Aki Helin of OUSPG. [60055] High Memory corruption in libvpx.\nCredit to Christoph Diehl. [60238] High Bad use of destroyed frame object. Credit to various developers, including 'gundlach'. [60327] [60769] [61255] High Type confusions with event objects. Credit to 'fam.lam' and Google Chrome Security Team (Inferno). [60688] High Out-of-bounds array access in SVG handling. Credit to wushi of team509.\n\nFixed in 7.0.517.43 : [48225] [51727] Medium Possible autofill / autocomplete profile spamming. Credit to Google Chrome Security Team (Inferno). [48857] High Crash with forms. Credit to the Chromium development community. [50428] Critical Browser crash with form autofill. Credit to the Chromium development community. [51680] High Possible URL spoofing on page unload. Credit to kuzzcc; plus independent discovery by Jordi Chancel. [53002] Low Pop-up block bypass. Credit to kuzzcc. [53985] Medium Crash on shutdown with Web Sockets. Credit to the Chromium development community. [Linux only] [54132] Low Bad construction of PATH variable. Credit to Dan Rosenberg, Virtual Security Research. [54500] High Possible memory corruption with animated GIF. Credit to Simon Schaak. [Linux only] [54794] High Failure to sandbox worker processes on Linux. Credit to Google Chrome Security Team (Chris Evans). [56451] High Stale elements in an element map. Credit to Michal Zalewski of the Google Security Team.", "modified": "2018-06-29T00:00:00", "id": "FREEBSD_PKG_6887828F022911E0B84D00262D5ED8EE.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=51069", "published": "2010-12-08T00:00:00", "title": "FreeBSD : chromium -- multiple vulnerabilities (6887828f-0229-11e0-b84d-00262d5ed8ee)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2015 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(51069);\n script_version(\"1.31\");\n script_cvs_date(\"Date: 2018/06/29 12:01:00\");\n\n script_cve_id(\"CVE-2011-1290\", \"CVE-2011-1291\", \"CVE-2011-1292\", \"CVE-2011-1293\", \"CVE-2011-1294\", \"CVE-2011-1295\", \"CVE-2011-1296\", \"CVE-2011-1301\", \"CVE-2011-1302\", \"CVE-2011-1303\", \"CVE-2011-1304\", \"CVE-2011-1305\", \"CVE-2011-1434\", \"CVE-2011-1435\", \"CVE-2011-1436\", \"CVE-2011-1437\", \"CVE-2011-1438\", \"CVE-2011-1439\", \"CVE-2011-1440\", \"CVE-2011-1441\", \"CVE-2011-1442\", \"CVE-2011-1443\", \"CVE-2011-1444\", \"CVE-2011-1445\", \"CVE-2011-1446\", \"CVE-2011-1447\", \"CVE-2011-1448\", \"CVE-2011-1449\", \"CVE-2011-1450\", \"CVE-2011-1451\", \"CVE-2011-1452\", \"CVE-2011-1454\", \"CVE-2011-1455\", \"CVE-2011-1456\", \"CVE-2011-1799\", \"CVE-2011-1800\", \"CVE-2011-1801\", \"CVE-2011-1804\", \"CVE-2011-1806\", \"CVE-2011-1807\", \"CVE-2011-1808\", \"CVE-2011-1809\", \"CVE-2011-1810\", \"CVE-2011-1811\", \"CVE-2011-1812\", \"CVE-2011-1813\", \"CVE-2011-1814\", \"CVE-2011-1815\", \"CVE-2011-1816\", \"CVE-2011-1817\", \"CVE-2011-1818\", \"CVE-2011-1819\", \"CVE-2011-2332\", \"CVE-2011-2342\", \"CVE-2011-2345\", \"CVE-2011-2346\", \"CVE-2011-2347\", \"CVE-2011-2348\", \"CVE-2011-2349\", \"CVE-2011-2350\", \"CVE-2011-2351\", \"CVE-2011-2358\", \"CVE-2011-2359\", \"CVE-2011-2360\", \"CVE-2011-2361\", \"CVE-2011-2782\", \"CVE-2011-2783\", \"CVE-2011-2784\", \"CVE-2011-2785\", \"CVE-2011-2786\", \"CVE-2011-2787\", \"CVE-2011-2788\", \"CVE-2011-2789\", \"CVE-2011-2790\", \"CVE-2011-2791\", \"CVE-2011-2792\", \"CVE-2011-2793\", \"CVE-2011-2794\", \"CVE-2011-2795\", \"CVE-2011-2796\", \"CVE-2011-2797\", \"CVE-2011-2798\", \"CVE-2011-2799\", \"CVE-2011-2800\", \"CVE-2011-2801\", \"CVE-2011-2802\", \"CVE-2011-2803\", \"CVE-2011-2804\", \"CVE-2011-2805\", \"CVE-2011-2818\", \"CVE-2011-2819\", \"CVE-2011-2821\", \"CVE-2011-2823\", \"CVE-2011-2824\", \"CVE-2011-2825\", \"CVE-2011-2826\", \"CVE-2011-2827\", \"CVE-2011-2828\", \"CVE-2011-2829\", \"CVE-2011-2834\", \"CVE-2011-2835\", \"CVE-2011-2836\", \"CVE-2011-2837\", \"CVE-2011-2838\", \"CVE-2011-2839\", \"CVE-2011-2840\", \"CVE-2011-2841\", \"CVE-2011-2842\", \"CVE-2011-2843\", \"CVE-2011-2844\", \"CVE-2011-2845\", \"CVE-2011-2846\", \"CVE-2011-2847\", \"CVE-2011-2848\", \"CVE-2011-2849\", \"CVE-2011-2850\", \"CVE-2011-2851\", \"CVE-2011-2852\", \"CVE-2011-2853\", \"CVE-2011-2854\", \"CVE-2011-2855\", \"CVE-2011-2856\", \"CVE-2011-2857\", \"CVE-2011-2858\", \"CVE-2011-2859\", \"CVE-2011-2860\", \"CVE-2011-2861\", \"CVE-2011-2862\", \"CVE-2011-2864\", \"CVE-2011-2874\", \"CVE-2011-2875\", \"CVE-2011-2876\", \"CVE-2011-2877\", \"CVE-2011-2878\", \"CVE-2011-2879\", \"CVE-2011-2880\", \"CVE-2011-2881\", \"CVE-2011-3234\", \"CVE-2011-3873\", \"CVE-2011-3875\", \"CVE-2011-3876\", \"CVE-2011-3877\", \"CVE-2011-3878\", \"CVE-2011-3879\", \"CVE-2011-3880\", \"CVE-2011-3881\", \"CVE-2011-3882\", \"CVE-2011-3883\", \"CVE-2011-3884\", \"CVE-2011-3885\", \"CVE-2011-3886\", \"CVE-2011-3887\", \"CVE-2011-3888\", \"CVE-2011-3889\", \"CVE-2011-3890\", \"CVE-2011-3891\", \"CVE-2011-3892\", \"CVE-2011-3893\", \"CVE-2011-3894\", \"CVE-2011-3895\", \"CVE-2011-3896\", \"CVE-2011-3897\", \"CVE-2011-3898\", \"CVE-2011-3900\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (6887828f-0229-11e0-b84d-00262d5ed8ee)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Google Chrome Releases reports :\n\nFixed in 15.0.874.121 : [103259] High CVE-2011-3900: Out-of-bounds\nwrite in v8. Credit to Christian Holler.\n\nFixed in 15.0.874.120 : [100465] High CVE-2011-3892: Double free in\nTheora decoder. Credit to Aki Helin of OUSPG. [100492] [100543] Medium\nCVE-2011-3893: Out of bounds reads in MKV and Vorbis media handlers.\nCredit to Aki Helin of OUSPG. [101172] High CVE-2011-3894: Memory\ncorruption regression in VP8 decoding. Credit to Andrew Scherkus of\nthe Chromium development community. [101458] High CVE-2011-3895: Heap\noverflow in Vorbis decoder. Credit to Aki Helin of OUSPG. [101624]\nHigh CVE-2011-3896: Buffer overflow in shader variable mapping. Credit\nto Ken 'strcpy' Russell of the Chromium development community.\n[102242] High CVE-2011-3897: Use-after-free in editing. Credit to\npa_kt reported through ZDI (ZDI-CAN-1416). [102461] Low CVE-2011-3898:\nFailure to ask for permission to run applets in JRE7. Credit to Google\nChrome Security Team (Chris Evans).\n\nFixed in 15.0.874.102 : [86758] High CVE-2011-2845: URL bar spoof in\nhistory handling. Credit to Jordi Chancel. [88949] Medium\nCVE-2011-3875: URL bar spoof with drag+drop of URLs. Credit to Jordi\nChancel. [90217] Low CVE-2011-3876: Avoid stripping whitespace at the\nend of download filenames. Credit to Marc Novak. [91218] Low\nCVE-2011-3877: XSS in appcache internals page. Credit to Google Chrome\nSecurity Team (Tom Sepez) plus independent discovery by Juho Nurminen.\n[94487] Medium CVE-2011-3878: Race condition in worker process\ninitialization. Credit to miaubiz. [95374] Low CVE-2011-3879: Avoid\nredirect to chrome scheme URIs. Credit to Masato Kinugawa. [95992] Low\nCVE-2011-3880: Don't permit as a HTTP header delimiter. Credit to\nVladimir Vorontsov, ONsec company. [96047] [96885] [98053] [99512]\n[99750] High CVE-2011-3881 : Cross-origin policy violations. Credit to\nSergey Glazunov. [96292] High CVE-2011-3882: Use-after-free in media\nbuffer handling. Credit to Google Chrome Security Team (Inferno).\n[96902] High CVE-2011-3883: Use-after-free in counter handling. Credit\nto miaubiz. [97148] High CVE-2011-3884: Timing issues in DOM\ntraversal. Credit to Brian Ryner of the Chromium development\ncommunity. [97599] [98064] [98556] [99294] [99880] [100059] High\nCVE-2011-3885 : Stale style bugs leading to use-after-free. Credit to\nmiaubiz. [98773] [99167] High CVE-2011-3886: Out of bounds writes in\nv8. Credit to Christian Holler. [98407] Medium CVE-2011-3887: Cookie\ntheft with javascript URIs. Credit to Sergey Glazunov. [99138] High\nCVE-2011-3888: Use-after-free with plug-in and editing. Credit to\nmiaubiz. [99211] High CVE-2011-3889: Heap overflow in Web Audio.\nCredit to miaubiz. [99553] High CVE-2011-3890: Use-after-free in video\nsource handling. Credit to Ami Fischman of the Chromium development\ncommunity. [100332] High CVE-2011-3891: Exposure of internal v8\nfunctions. Credit to Steven Keuchel of the Chromium development\ncommunity plus independent discovery by Daniel Divricean.\n\nFixed in 14.0.835.202 : [93788] High CVE-2011-2876: Use-after-free in\ntext line box handling. Credit to miaubiz. [95072] High CVE-2011-2877:\nStale font in SVG text handling. Credit to miaubiz. [95671] High\nCVE-2011-2878: Inappropriate cross-origin access to the window\nprototype. Credit to Sergey Glazunov. [96150] High CVE-2011-2879:\nLifetime and threading issues in audio node handling. Credit to Google\nChrome Security Team (Inferno). [97451] [97520] [97615] High\nCVE-2011-2880: Use-after-free in the v8 bindings. Credit to Sergey\nGlazunov. [97784] High CVE-2011-2881: Memory corruption with v8 hidden\nobjects. Credit to Sergey Glazunov. [98089] Critical CVE-2011-3873:\nMemory corruption in shader translator. Credit to Zhenyao Mo of the\nChromium development community.\n\nFixed in 14.0.835.163 : [49377] High CVE-2011-2835: Race condition in\nthe certificate cache. Credit to Ryan Sleevi of the Chromium\ndevelopment community. [51464] Low CVE-2011-2836: Infobar the Windows\nMedia Player plug-in to avoid click-free access to the system Flash.\nCredit to electronixtar. [Linux only] [57908] Low CVE-2011-2837: Use\nPIC / pie compiler flags. Credit to wbrana. [75070] Low CVE-2011-2838:\nTreat MIME type more authoritatively when loading plug-ins. Credit to\nMichal Zalewski of the Google Security Team. [76771] High\nCVE-2011-2839: Crash in v8 script object wrappers. Credit to Kostya\nSerebryany of the Chromium development community. [78427] [83031] Low\nCVE-2011-2840: Possible URL bar spoofs with unusual user interaction.\nCredit to kuzzcc. [78639] High CVE-2011-2841: Garbage collection error\nin PDF. Credit to Mario Gomes. [82438] Medium CVE-2011-2843:\nOut-of-bounds read with media buffers. Credit to Kostya Serebryany of\nthe Chromium development community. [85041] Medium CVE-2011-2844:\nOut-of-bounds read with mp3 files. Credit to Mario Gomes. [89219] High\nCVE-2011-2846: Use-after-free in unload event handling. Credit to\nArthur Gerkis. [89330] High CVE-2011-2847: Use-after-free in document\nloader. Credit to miaubiz. [89564] Medium CVE-2011-2848: URL bar spoof\nwith forward button. Credit to Jordi Chancel. [89795] Low\nCVE-2011-2849: Browser NULL pointer crash with WebSockets. Credit to\nArthur Gerkis. [89991] Medium CVE-2011-3234: Out-of-bounds read in box\nhandling. Credit to miaubiz. [90134] Medium CVE-2011-2850:\nOut-of-bounds read with Khmer characters. Credit to miaubiz. [90173]\nMedium CVE-2011-2851: Out-of-bounds read in video handling. Credit to\nGoogle Chrome Security Team (Inferno). [91120] High CVE-2011-2852:\nOff-by-one in v8. Credit to Christian Holler. [91197] High\nCVE-2011-2853: Use-after-free in plug-in handling. Credit to Google\nChrome Security Team (SkyLined). [92651] [94800] High CVE-2011-2854:\nUse-after-free in ruby / table style handing. Credit to Slawomir\nBlazek, and independent later discoveries by miaubiz and Google Chrome\nSecurity Team (Inferno). [92959] High CVE-2011-2855: Stale node in\nstylesheet handling. Credit to Arthur Gerkis. [93416] High\nCVE-2011-2856: Cross-origin bypass in v8. Credit to Daniel Divricean.\n[93420] High CVE-2011-2857: Use-after-free in focus controller. Credit\nto miaubiz. [93472] High CVE-2011-2834: Double free in libxml XPath\nhandling. Credit to Yang Dingning from NCNIPC, Graduate University of\nChinese Academy of Sciences. [93497] Medium CVE-2011-2859: Incorrect\npermissions assigned to non-gallery pages. Credit to Bernhard 'Bruhns'\nBrehm of Recurity Labs. [93587] High CVE-2011-2860: Use-after-free in\ntable style handling. Credit to miaubiz. [93596] Medium CVE-2011-2861:\nBad string read in PDF. Credit to Aki Helin of OUSPG. [93906] High\nCVE-2011-2862: Unintended access to v8 built-in objects. Credit to\nSergey Glazunov. [95563] Medium CVE-2011-2864: Out-of-bounds read with\nTibetan characters. Credit to Google Chrome Security Team (Inferno).\n[95625] Medium CVE-2011-2858: Out-of-bounds read with triangle arrays.\nCredit to Google Chrome Security Team (Inferno). [95917] Low\nCVE-2011-2874: Failure to pin a self-signed cert for a session. Credit\nto Nishant Yadant of VMware and Craig Chamberlain (@randomuserid).\nHigh CVE-2011-2875: Type confusion in v8 object sealing. Credit to\nChristian Holler.\n\nFixed in 13.0.782.215 : [89402] High CVE-2011-2821: Double free in\nlibxml XPath handling. Credit to Yang Dingning from NCNIPC, Graduate\nUniversity of Chinese Academy of Sciences. [82552] High CVE-2011-2823:\nUse-after-free in line box handling. Credit to Google Chrome Security\nTeam (SkyLined) and independent later discovery by miaubiz. [88216]\nHigh CVE-2011-2824: Use-after-free with counter nodes. Credit to\nmiaubiz. [88670] High CVE-2011-2825: Use-after-free with custom fonts.\nCredit to wushi of team509 reported through ZDI (ZDI-CAN-1283), plus\nindepdendent later discovery by miaubiz. [87453] High CVE-2011-2826:\nCross-origin violation with empty origins. Credit to Sergey Glazunov.\n[90668] High CVE-2011-2827: Use-after-free in text searching. Credit\nto miaubiz. [91517] High CVE-2011-2828: Out-of-bounds write in v8.\nCredit to Google Chrome Security Team (SkyLined). [32-bit only]\n[91598] High CVE-2011-2829: Integer overflow in uniform arrays. Credit\nto Sergey Glazunov. [Linux only] [91665] High CVE-2011-2839: Buggy\nmemset() in PDF. Credit to Aki Helin of OUSPG.\n\nFixed in 13.0.782.107 : [75821] Medium CVE-2011-2358: Always confirm\nan extension install via a browser dialog. Credit to Sergey Glazunov.\n[78841] High CVE-2011-2359: Stale pointer due to bad line box tracking\nin rendering. Credit to miaubiz and Martin Barbella. [79266] Low\nCVE-2011-2360: Potential bypass of dangerous file prompt. Credit to\nkuzzcc. [79426] Low CVE-2011-2361: Improve designation of strings in\nthe basic auth dialog. Credit to kuzzcc. [Linux only] [81307] Medium\nCVE-2011-2782: File permissions error with drag and drop. Credit to\nEvan Martin of the Chromium development community. [83273] Medium\nCVE-2011-2783: Always confirm a developer mode NPAPI extension install\nvia a browser dialog. Credit to Sergey Glazunov. [83841] Low\nCVE-2011-2784: Local file path disclosure via GL program log. Credit\nto kuzzcc. [84402] Low CVE-2011-2785: Sanitize the homepage URL in\nextensions. Credit to kuzzcc. [84600] Low CVE-2011-2786: Make sure the\nspeech input bubble is always on-screen. Credit to Olli Pettay of\nMozilla. [84805] Medium CVE-2011-2787: Browser crash due to GPU lock\nre-entrancy issue. Credit to kuzzcc. [85559] Low CVE-2011-2788: Buffer\noverflow in inspector serialization. Credit to Mikolaj Malecki.\n[85808] Medium CVE-2011-2789: Use after free in Pepper plug-in\ninstantiation. Credit to Mario Gomes and kuzzcc. [86502] High\nCVE-2011-2790: Use-after-free with floating styles. Credit to miaubiz.\n[86900] High CVE-2011-2791: Out-of-bounds write in ICU. Credit to Yang\nDingning from NCNIPC, Graduate University of Chinese Academy of\nSciences. [87148] High CVE-2011-2792: Use-after-free with float\nremoval. Credit to miaubiz. [87227] High CVE-2011-2793: Use-after-free\nin media selectors. Credit to miaubiz. [87298] Medium CVE-2011-2794:\nOut-of-bounds read in text iteration. Credit to miaubiz. [87339]\nMedium CVE-2011-2795: Cross-frame function leak. Credit to Shih\nWei-Long. [87548] High CVE-2011-2796: Use-after-free in Skia. Credit\nto Google Chrome Security Team (Inferno) and Kostya Serebryany of the\nChromium development community. [87729] High CVE-2011-2797:\nUse-after-free in resource caching. Credit to miaubiz. [87815] Low\nCVE-2011-2798: Prevent a couple of internal schemes from being web\naccessible. Credit to sirdarckcat of the Google Security Team. [87925]\nHigh CVE-2011-2799: Use-after-free in HTML range handling. Credit to\nmiaubiz. [88337] Medium CVE-2011-2800: Leak of client-side redirect\ntarget. Credit to Juho Nurminen. [88591] High CVE-2011-2802: v8 crash\nwith const lookups. Credit to Christian Holler. [88827] Medium\nCVE-2011-2803: Out-of-bounds read in Skia paths. Credit to Google\nChrome Security Team (Inferno). [88846] High CVE-2011-2801:\nUse-after-free in frame loader. Credit to miaubiz. [88889] High\nCVE-2011-2818: Use-after-free in display box rendering. Credit to\nMartin Barbella. [89142] High CVE-2011-2804: PDF crash with nested\nfunctions. Credit to Aki Helin of OUSPG. [89520] High CVE-2011-2805:\nCross-origin script injection. Credit to Sergey Glazunov. [90222] High\nCVE-2011-2819: Cross-origin violation in base URI handling. Credit to\nSergey Glazunov.\n\nFixed in 12.0.742.112 : [77493] Medium CVE-2011-2345: Out-of-bounds\nread in NPAPI string handling. Credit to Philippe Arteau. [84355] High\nCVE-2011-2346: Use-after-free in SVG font handling. Credit to miaubiz.\n[85003] High CVE-2011-2347: Memory corruption in CSS parsing. Credit\nto miaubiz. [85102] High CVE-2011-2350: Lifetime and re-entrancy\nissues in the HTML parser. Credit to miaubiz. [85177] High\nCVE-2011-2348: Bad bounds check in v8. Credit to Aki Helin of OUSPG.\n[85211] High CVE-2011-2351: Use-after-free with SVG use element.\nCredit to miaubiz. [85418] High CVE-2011-2349: Use-after-free in text\nselection. Credit to miaubiz.\n\nFixed in 12.0.742.91 : [73962] [79746] High CVE-2011-1808:\nUse-after-free due to integer issues in float handling. Credit to\nmiaubiz. [75496] Medium CVE-2011-1809: Use-after-free in accessibility\nsupport. Credit to Google Chrome Security Team (SkyLined). [75643] Low\nCVE-2011-1810: Visit history information leak in CSS. Credit to Jesse\nMohrland of Microsoft and Microsoft Vulnerability Research (MSVR).\n[76034] Low CVE-2011-1811: Browser crash with lots of form\nsubmissions. Credit to 'DimitrisV22'. [77026] Medium CVE-2011-1812:\nExtensions permission bypass. Credit to kuzzcc. [78516] High\nCVE-2011-1813: Stale pointer in extension framework. Credit to Google\nChrome Security Team (Inferno). [79362] Medium CVE-2011-1814: Read\nfrom uninitialized pointer. Credit to Eric Roman of the Chromium\ndevelopment community. [79862] Low CVE-2011-1815: Extension script\ninjection into new tab page. Credit to kuzzcc. [80358] Medium\nCVE-2011-1816: Use-after-free in developer tools. Credit to kuzzcc.\n[81916] Medium CVE-2011-1817: Browser memory corruption in history\ndeletion. Credit to Collin Payne. [81949] High CVE-2011-1818:\nUse-after-free in image loader. Credit to miaubiz. [83010] Medium\nCVE-2011-1819: Extension injection into chrome:// pages. Credit to\nVladislavas Jarmalis, plus subsequent independent discovery by Sergey\nGlazunov. [83275] High CVE-2011-2332: Same origin bypass in v8. Credit\nto Sergey Glazunov. [83743] High CVE-2011-2342: Same origin bypass in\nDOM. Credit to Sergey Glazunov.\n\nFixed in 11.0.696.71 : [72189] Low CVE-2011-1801: Pop-up blocker\nbypass. Credit to Chamal De Silva. [82546] High CVE-2011-1804: Stale\npointer in floats rendering. Credit to Martin Barbella. [82873]\nCritical CVE-2011-1806: Memory corruption in GPU command buffer.\nCredit to Google Chrome Security Team (Cris Neckar). [82903] Critical\nCVE-2011-1807: Out-of-bounds write in blob handling. Credit to Google\nChrome Security Team (Inferno) and Kostya Serebryany of the Chromium\ndevelopment community.\n\nFixed in 11.0.696.68 : [64046] High CVE-2011-1799: Bad casts in\nChromium WebKit glue. Credit to Google Chrome Security Team\n(SkyLined). [80608] High CVE-2011-1800: Integer overflows in SVG\nfilters. Credit to Google Chrome Security Team (Cris Neckar).\n\nFixed in 11.0.696.57 : [61502] High CVE-2011-1303: Stale pointer in\nfloating object handling. Credit to Scott Hess of the Chromium\ndevelopment community and Martin Barbella. [70538] Low CVE-2011-1304:\nPop-up block bypass via plug-ins. Credit to Chamal De Silva. [Linux /\nMac only] [70589] Medium CVE-2011-1305: Linked-list race in database\nhandling. Credit to Kostya Serebryany of the Chromium development\ncommunity. [71586] Medium CVE-2011-1434: Lack of thread safety in MIME\nhandling. Credit to Aki Helin. [72523] Medium CVE-2011-1435: Bad\nextension with 'tabs' permission can capture local files. Credit to\nCole Snodgrass. [Linux only] [72910] Low CVE-2011-1436: Possible\nbrowser crash due to bad interaction with X. Credit to miaubiz.\n[73526] High CVE-2011-1437: Integer overflows in float rendering.\nCredit to miaubiz. [74653] High CVE-2011-1438: Same origin policy\nviolation with blobs. Credit to kuzzcc. [Linux only] [74763] High\nCVE-2011-1439: Prevent interference between renderer processes. Credit\nto Julien Tinnes of the Google Security Team. [75186] High\nCVE-2011-1440: Use-after-free with <ruby> tag and CSS. Credit to Jose\nA. Vazquez. [75347] High CVE-2011-1441: Bad cast with floating select\nlists. Credit to Michael Griffiths. [75801] High CVE-2011-1442:\nCorrupt node trees with mutation events. Credit to Sergey Glazunov and\nwushi of team 509. [76001] High CVE-2011-1443: Stale pointers in\nlayering code. Credit to Martin Barbella. [Linux only] [76542] High\nCVE-2011-1444: Race condition in sandbox launcher. Credit to Dan\nRosenberg. Medium CVE-2011-1445: Out-of-bounds read in SVG. Credit to\nwushi of team509. [76666] [77507] [78031] High CVE-2011-1446: Possible\nURL bar spoofs with navigation errors and interrupted loads. Credit to\nkuzzcc. [76966] High CVE-2011-1447: Stale pointer in drop-down list\nhandling. Credit to miaubiz. [77130] High CVE-2011-1448: Stale pointer\nin height calculations. Credit to wushi of team509. [77346] High\nCVE-2011-1449: Use-after-free in WebSockets. Credit to Marek\nMajkowski. Low CVE-2011-1450: Dangling pointers in file dialogs.\nCredit to kuzzcc. [77463] High CVE-2011-1451: Dangling pointers in DOM\nid map. Credit to Sergey Glazunov. [77786] Medium CVE-2011-1452: URL\nbar spoof with redirect and manual reload. Credit to Jordi Chancel.\n[79199] High CVE-2011-1454: Use-after-free in DOM id handling. Credit\nto Sergey Glazunov. [79361] Medium CVE-2011-1455: Out-of-bounds read\nwith multipart-encoded PDF. Credit to Eric Roman of the Chromium\ndevelopment community. [79364] High CVE-2011-1456: Stale pointers with\nPDF forms. Credit to Eric Roman of the Chromium development community.\n\nFixed in 10.0.648.205 : [75629] Critical CVE-2011-1301: Use-after-free\nin the GPU process. Credit to Google Chrome Security Team (Inferno).\n[78524] Critical CVE-2011-1302: Heap overflow in the GPU process.\nCredit to Christoph Diehl.\n\nFixed in 10.0.648.204 : [72517] High CVE-2011-1291: Buffer error in\nbase string handling. Credit to Alex Turpin. [73216] High\nCVE-2011-1292: Use-after-free in the frame loader. Credit to Slawomir\nBlazek. [73595] High CVE-2011-1293: Use-after-free in HTMLCollection.\nCredit to Sergey Glazunov. [74562] High CVE-2011-1294: Stale pointer\nin CSS handling. Credit to Sergey Glazunov. [74991] High\nCVE-2011-1295: DOM tree corruption with broken node parentage. Credit\nto Sergey Glazunov. [75170] High CVE-2011-1296: Stale pointer in SVG\ntext handling. Credit to Sergey Glazunov.\n\nFixed in 10.0.648.133 : [75712] High Memory corruption in style\nhandling. Credit to Vincenzo Iozzo, Ralf Philipp Weinmann and Willem\nPinckaers reported through ZDI.\n\nFixed in 10.0.648.127 : [42765] Low Possible to navigate or close the\ntop location in a sandboxed frame. Credit to sirdarckcat of the Google\nSecurity Team. [Linux only] [49747] Low Work around an X server bug\nand crash with long messages. Credit to Louis Lang. [Linux only]\n[66962] Low Possible browser crash with parallel print()s. Credit to\nAki Helin of OUSPG. [69187] Medium Cross-origin error message leak.\nCredit to Daniel Divricean. [69628] High Memory corruption with\ncounter nodes. Credit to Martin Barbella. [70027] High Stale node in\nbox layout. Credit to Martin Barbella. [70336] Medium Cross-origin\nerror message leak with workers. Credit to Daniel Divricean. [70442]\nHigh Use after free with DOM URL handling. Credit to Sergey Glazunov.\n[Linux only] [70779] Medium Out of bounds read handling unicode\nranges. Credit to miaubiz. [70877] High Same origin policy bypass in\nv8. Credit to Daniel Divricean. [70885] [71167] Low Pop-up blocker\nbypasses. Credit to Chamal de Silva. [71763] High Use-after-free in\ndocument script lifetime handling. Credit to miaubiz. [71788] High\nOut-of-bounds write in the OGG container. Credit to Google Chrome\nSecurity Team (SkyLined); plus subsequent independent discovery by\nDavid Weston of Microsoft and MSVR. [72028] High Stale pointer in\ntable painting. Credit to Martin Barbella. [73026] High Use of corrupt\nout-of-bounds structure in video code. Credit to Tavis Ormandy of the\nGoogle Security Team. [73066] High Crash with the DataView object.\nCredit to Sergey Glazunov. [73134] High Bad cast in text rendering.\nCredit to miaubiz. [73196] High Stale pointer in WebKit context code.\nCredit to Sergey Glazunov. [73716] Low Leak of heap address in XSLT.\nCredit to Google Chrome Security Team (Chris Evans). [73746] High\nStale pointer with SVG cursors. Credit to Sergey Glazunov. [74030]\nHigh DOM tree corruption with attribute handling. Credit to Sergey\nGlazunov. [74662] High Corruption via re-entrancy of RegExp code.\nCredit to Christian Holler. [74675] High Invalid memory access in v8.\nCredit to Christian Holler.\n\nFixed in 9.0.597.107 : [54262] High URL bar spoof. Credit to Jordi\nChancel. [63732] High Crash with JavaScript dialogs. Credit to Sergey\nRadchenko. [68263] High Stylesheet node stale pointer. Credit to\nSergey Glazunov. [68741] High Stale pointer with key frame rule.\nCredit to Sergey Glazunov. [70078] High Crash with forms controls.\nCredit to Stefan van Zanden. [70244] High Crash in SVG rendering.\nCredit to Slawomir Blazek. [64-bit Linux only] [70376] Medium\nOut-of-bounds read in pickle deserialization. Credit to Evgeniy\nStepanov of the Chromium development community. [71114] High Stale\nnode in table handling. Credit to Martin Barbella. [71115] High Stale\npointer in table rendering. Credit to Martin Barbella. [71296] High\nStale pointer in SVG animations. Credit to miaubiz. [71386] High Stale\nnodes in XHTML. Credit to wushi of team509. [71388] High Crash in\ntextarea handling. Credit to wushi of team509. [71595] High Stale\npointer in device orientation. Credit to Sergey Glazunov. [71717]\nMedium Out-of-bounds read in WebGL. Credit to miaubiz. [71855] High\nInteger overflow in textarea handling. Credit to miaubiz. [71960]\nMedium Out-of-bounds read in WebGL. Credit to Google Chrome Security\nTeam (Inferno). [72214] High Accidental exposure of internal extension\nfunctions. Credit to Tavis Ormandy of the Google Security Team.\n[72437] High Use-after-free with blocked plug-ins. Credit to Chamal de\nSilva. [73235] High Stale pointer in layout. Credit to Martin\nBarbella.\n\nFixed in 9.0.597.94 : [67234] High Stale pointer in animation event\nhandling. Credit to Rik Cabanier. [68120] High Use-after-free in SVG\nfont faces. Credit to miaubiz. [69556] High Stale pointer with\nanonymous block handling. Credit to Martin Barbella. [69970] Medium\nOut-of-bounds read in plug-in handling. Credit to Bill Budge of\nGoogle. [70456] Medium Possible failure to terminate process on\nout-of-memory condition. Credit to David Warren of CERT/CC.\n\nFixed in 9.0.597.84 : [Mac only] [42989] Low Minor sandbox leak via\nstat(). Credit to Daniel Cheng of the Chromium development community.\n[55831] High Use-after-free in image loading. Credit to Aki Helin of\nOUSPG. [59081] Low Apply some restrictions to cross-origin drag +\ndrop. Credit to Google Chrome Security Team (SkyLined) and the Google\nSecurity Team (Michal Zalewski, David Bloom). [62791] Low Browser\ncrash with extension with missing key. Credit to Brian Kirchoff.\n[64051] High Crashing when printing in PDF event handler. Credit to\nAki Helin of OUSPG. [65669] Low Handle merging of autofill profiles\nmore gracefully. Credit to Google Chrome Security Team (Inferno). [Mac\nonly] [66931] Low Work around a crash in the Mac OS 10.5 SSL\nlibraries. Credit to Dan Morrison. [68244] Low Browser crash with bad\nvolume setting. Credit to Matthew Heidermann. [69195] Critical Race\ncondition in audio handling. Credit to the gamers of Reddit!\n\nFixed in 8.0.552.237 : [58053] Medium Browser crash in extensions\nnotification handling. Credit to Eric Roman of the Chromium\ndevelopment community. [65764] High Bad pointer handling in node\niteration. Credit to Sergey Glazunov. [66334] High Crashes when\nprinting multi-page PDFs. Credit to Google Chrome Security Team (Chris\nEvans). [66560] High Stale pointer with CSS + canvas. Credit to Sergey\nGlazunov. [66748] High Stale pointer with CSS + cursors. Credit to Jan\nTosovsk. [67100] High Use after free in PDF page handling. Credit to\nGoogle Chrome Security Team (Chris Evans). [67208] High Stack\ncorruption after PDF out-of-memory condition. Credit to Jared Allar of\nCERT. [67303] High Bad memory access with mismatched video frame\nsizes. Credit to Aki Helin of OUSPG; plus independent discovery by\nGoogle Chrome Security Team (SkyLined) and David Warren of CERT.\n[67363] High Stale pointer with SVG use element. Credited anonymously;\nplus indepdent discovery by miaubiz. [67393] Medium Uninitialized\npointer in the browser triggered by rogue extension. Credit to kuzzcc.\n[68115] High Vorbis decoder buffer overflows. Credit to David Warren\nof CERT. [68170] High Buffer overflow in PDF shading. Credit to Aki\nHelin of OUSPG. [68178] High Bad cast in anchor handling. Credit to\nSergey Glazunov. [68181] High Bad cast in video handling. Credit to\nSergey Glazunov. [68439] High Stale rendering node after DOM node\nremoval. Credit to Martin Barbella; plus independent discovery by\nGoogle Chrome Security Team (SkyLined). [68666] Critical Stale pointer\nin speech handling. Credit to Sergey Glazunov.\n\nFixed in 8.0.552.224 : [64-bit Linux only] [56449] High Bad validation\nfor message deserialization on 64-bit builds. Credit to Lei Zhang of\nthe Chromium development community. [60761] Medium Bad extension can\ncause browser crash in tab handling. Credit to kuzzcc. [63529] Low\nBrowser crash with NULL pointer in web worker handling. Credit to\nNathan Weizenbaum of Google. [63866] Medium Out-of-bounds read in CSS\nparsing. Credit to Chris Rohlf. [64959] High Stale pointers in cursor\nhandling. Credit to Slawomir Blazek and Sergey Glazunov.\n\nFixed in 8.0.552.215 : [17655] Low Possible pop-up blocker bypass.\nCredit to Google Chrome Security Team (SkyLined). [55745] Medium\nCross-origin video theft with canvas. Credit to Nirankush Panchbhai\nand Microsoft Vulnerability Research (MSVR). [56237] Low Browser crash\nwith HTML5 databases. Credit to Google Chrome Security Team (Inferno).\n[58319] Low Prevent excessive file dialogs, possibly leading to\nbrowser crash. Credit to Cezary Tomczak (gosu.pl). [59554] High Use\nafter free in history handling. Credit to Stefan Troger. [Linux / Mac]\n[59817] Medium Make sure the 'dangerous file types' list is uptodate\nwith the Windows platforms. Credit to Billy Rios of the Google\nSecurity Team. [61701] Low Browser crash with HTTP proxy\nauthentication. Credit to Mohammed Bouhlel. [61653] Medium\nOut-of-bounds read regression in WebM video support. Credit to Google\nChrome Security Team (Chris Evans), based on earlier testcases from\nMozilla and Microsoft (MSVR). [62127] High Crash due to bad indexing\nwith malformed video. Credit to miaubiz. [62168] Medium Possible\nbrowser memory corruption via malicious privileged extension. Credit\nto kuzzcc. [62401] High Use after free with SVG animations. Credit to\nSlawomir Blazek. [63051] Medium Use after free in mouse dragging event\nhandling. Credit to kuzzcc. [63444] High Double free in XPath\nhandling. Credit to Yang Dingning from NCNIPC, Graduate University of\nChinese Academy of Sciences.\n\nFixed in 7.0.517.44 : [51602] High Use-after-free in text editing.\nCredit to David Bloom of the Google Security Team, Google Chrome\nSecurity Team (Inferno) and Google Chrome Security Team (Cris Neckar).\n[55257] High Memory corruption with enormous text area. Credit to\nwushi of team509. [58657] High Bad cast with the SVG use element.\nCredit to the kuzzcc. [58731] High Invalid memory read in XPath\nhandling. Credit to Bui Quang Minh from Bkis (www.bkis.com). [58741]\nHigh Use-after-free in text control selections. Credit to 'vkouchna'.\n[Linux only] [59320] High Integer overflows in font handling. Credit\nto Aki Helin of OUSPG. [60055] High Memory corruption in libvpx.\nCredit to Christoph Diehl. [60238] High Bad use of destroyed frame\nobject. Credit to various developers, including 'gundlach'. [60327]\n[60769] [61255] High Type confusions with event objects. Credit to\n'fam.lam' and Google Chrome Security Team (Inferno). [60688] High\nOut-of-bounds array access in SVG handling. Credit to wushi of\nteam509.\n\nFixed in 7.0.517.43 : [48225] [51727] Medium Possible autofill /\nautocomplete profile spamming. Credit to Google Chrome Security Team\n(Inferno). [48857] High Crash with forms. Credit to the Chromium\ndevelopment community. [50428] Critical Browser crash with form\nautofill. Credit to the Chromium development community. [51680] High\nPossible URL spoofing on page unload. Credit to kuzzcc; plus\nindependent discovery by Jordi Chancel. [53002] Low Pop-up block\nbypass. Credit to kuzzcc. [53985] Medium Crash on shutdown with Web\nSockets. Credit to the Chromium development community. [Linux only]\n[54132] Low Bad construction of PATH variable. Credit to Dan\nRosenberg, Virtual Security Research. [54500] High Possible memory\ncorruption with animated GIF. Credit to Simon Schaak. [Linux only]\n[54794] High Failure to sandbox worker processes on Linux. Credit to\nGoogle Chrome Security Team (Chris Evans). [56451] High Stale elements\nin an element map. Credit to Michal Zalewski of the Google Security\nTeam.\"\n );\n # http://googlechromereleases.blogspot.com/search/label/Stable%20updates\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?29fa020e\"\n );\n # http://www.freebsd.org/ports/portaudit/6887828f-0229-11e0-b84d-00262d5ed8ee.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?68c666ce\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<15.0.874.121\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:21:51", "bulletinFamily": "scanner", "description": "Specially crafted XPath expressions could allow attackers to cause a denial of service or possibly have unspecified other impact (CVE-2011-2821,CVE-2011-2834).", "modified": "2018-11-10T00:00:00", "id": "SUSE_11_4_LIBXML2-111201.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75936", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : libxml2 (openSUSE-SU-2012:0073-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libxml2-5488.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75936);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/10 11:50:00\");\n\n script_cve_id(\"CVE-2011-2821\", \"CVE-2011-2834\");\n\n script_name(english:\"openSUSE Security Update : libxml2 (openSUSE-SU-2012:0073-1)\");\n script_summary(english:\"Check for the libxml2-5488 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted XPath expressions could allow attackers to cause a\ndenial of service or possibly have unspecified other impact\n(CVE-2011-2821,CVE-2011-2834).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=732787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-01/msg00026.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libxml2-2.7.8-16.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libxml2-debuginfo-2.7.8-16.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libxml2-debugsource-2.7.8-16.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libxml2-devel-2.7.8-16.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libxml2-32bit-2.7.8-16.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libxml2-debuginfo-32bit-2.7.8-16.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libxml2-devel-32bit-2.7.8-16.19.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-32bit / libxml2-devel / libxml2-devel-32bit / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:21:44", "bulletinFamily": "scanner", "description": "Specially crafted XPath expressions could allow attackers to cause a denial of service or possibly have unspecified other impact (CVE-2011-2821,CVE-2011-2834).", "modified": "2018-11-10T00:00:00", "id": "SUSE_11_3_LIBXML2-111201.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75635", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : libxml2 (openSUSE-SU-2012:0073-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libxml2-5488.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75635);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/10 11:49:59\");\n\n script_cve_id(\"CVE-2011-2821\", \"CVE-2011-2834\");\n\n script_name(english:\"openSUSE Security Update : libxml2 (openSUSE-SU-2012:0073-1)\");\n script_summary(english:\"Check for the libxml2-5488 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted XPath expressions could allow attackers to cause a\ndenial of service or possibly have unspecified other impact\n(CVE-2011-2821,CVE-2011-2834).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=732787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-01/msg00026.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libxml2-2.7.7-4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libxml2-devel-2.7.7-4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libxml2-32bit-2.7.7-4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libxml2-devel-32bit-2.7.7-4.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-32bit / libxml2-devel / libxml2-devel-32bit\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:15:52", "bulletinFamily": "scanner", "description": "Specially crafted XPath expressions could have allowed attackers to cause a denial of service or possibly have unspecified other impact (CVE-2011-2821 / CVE-2011-2834). This has been fixed.", "modified": "2013-10-25T00:00:00", "id": "SUSE_11_LIBXML2-111201.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57531", "published": "2012-01-13T00:00:00", "title": "SuSE 11.1 Security Update : libxml2 (SAT Patch Number 5489)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57531);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:52:01 $\");\n\n script_cve_id(\"CVE-2011-2821\", \"CVE-2011-2834\");\n\n script_name(english:\"SuSE 11.1 Security Update : libxml2 (SAT Patch Number 5489)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted XPath expressions could have allowed attackers to\ncause a denial of service or possibly have unspecified other impact\n(CVE-2011-2821 / CVE-2011-2834). This has been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=732787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2821.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2834.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5489.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libxml2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libxml2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libxml2-2.7.6-0.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libxml2-2.7.6-0.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libxml2-32bit-2.7.6-0.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libxml2-2.7.6-0.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libxml2-doc-2.7.6-0.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libxml2-32bit-2.7.6-0.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libxml2-32bit-2.7.6-0.11.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:15:27", "bulletinFamily": "scanner", "description": "Double free vulnerabilities in libxml2 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression and via vectors related to XPath handling (CVE-2011-2821, CVE-2011-2834).\n\nPackages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct these issues.", "modified": "2018-07-19T00:00:00", "id": "MANDRIVA_MDVSA-2011-145.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56429", "published": "2011-10-10T00:00:00", "title": "Mandriva Linux Security Advisory : libxml2 (MDVSA-2011:145)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:145. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56429);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/19 20:59:17\");\n\n script_cve_id(\"CVE-2011-2821\", \"CVE-2011-2834\");\n script_bugtraq_id(49279, 49658);\n script_xref(name:\"MDVSA\", value:\"2011:145\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libxml2 (MDVSA-2011:145)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Double free vulnerabilities in libxml2 allows remote attackers to\ncause a denial of service or possibly have unspecified other impact\nvia a crafted XPath expression and via vectors related to XPath\nhandling (CVE-2011-2821, CVE-2011-2834).\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xml2_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxml2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxml2_2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64xml2-devel-2.7.1-1.8mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64xml2_2-2.7.1-1.8mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libxml2-devel-2.7.1-1.8mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"libxml2-python-2.7.1-1.8mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"libxml2-utils-2.7.1-1.8mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libxml2_2-2.7.1-1.8mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64xml2-devel-2.7.7-1.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64xml2_2-2.7.7-1.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libxml2-devel-2.7.7-1.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"libxml2-python-2.7.7-1.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"libxml2-utils-2.7.7-1.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libxml2_2-2.7.7-1.4mdv2010.2\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64xml2-devel-2.7.8-6.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64xml2_2-2.7.8-6.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libxml2-devel-2.7.8-6.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"libxml2-python-2.7.8-6.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"libxml2-utils-2.7.8-6.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libxml2_2-2.7.8-6.2-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:16:17", "bulletinFamily": "scanner", "description": "The version of Safari installed on the remote host reportedly is affected by several issues :\n - Look-alike characters in a URL could be used to masquerade a website. (CVE-2012-0584)\n\n - Web page visits may be recorded in browser history even when private browsing is active. (CVE-2012-0585)\n\n - Multiple cross-site scripting issues existed in WebKit. (CVE-2011-3881, CVE-2012-0586, CVE-2012-0587, CVE-2012-0588, CVE-2012-0589)\n\n - A cross-origin issue existed in WebKit, which may allow cookies to be disclosed across origins. (CVE-2011-3887)\n\n - Visiting a maliciously crafted website and dragging content with the mouse may lead to a cross-site scripting attack. (CVE-2012-0590)\n\n - Multiple memory corruption issues existed in WebKit.\n (CVE-2011-2825, CVE-2011-2833, CVE-2011-2846, CVE-2011-2847, CVE-2011-2854, CVE-2011-2855, CVE-2011-2857, CVE-2011-2860, CVE-2011-2866, CVE-2011-2867, CVE-2011-2868, CVE-2011-2869, CVE-2011-2870, CVE-2011-2871, CVE-2011-2872, CVE-2011-2873, CVE-2011-2877, CVE-2011-3885, CVE-2011-3888, CVE-2011-3897, CVE-2011-3908, CVE-2011-3909, CVE-2011-3928, CVE-2012-0591, CVE-2012-0592, CVE-2012-0593, CVE-2012-0594, CVE-2012-0595, CVE-2012-0596, CVE-2012-0597, CVE-2012-0598, CVE-2012-0599, CVE-2012-0600, CVE-2012-0601, CVE-2012-0602, CVE-2012-0603, CVE-2012-0604, CVE-2012-0605, CVE-2012-0606, CVE-2012-0607, CVE-2012-0608, CVE-2012-0609, CVE-2012-0610, CVE-2012-0611, CVE-2012-0612, CVE-2012-0613, CVE-2012-0614, CVE-2012-0615, CVE-2012-0616, CVE-2012-0617, CVE-2012-0618, CVE-2012-0619, CVE-2012-0620, CVE-2012-0621, CVE-2012-0622, CVE-2012-0623, CVE-2012-0624, CVE-2012-0625, CVE-2012-0626, CVE-2012-0627, CVE-2012-0628, CVE-2012-0629, CVE-2012-0630, CVE-2012-0631, CVE-2012-0632, CVE-2012-0633, CVE-2012-0635, CVE-2012-0636, CVE-2012-0637, CVE-2012-0638, CVE-2012-0639, CVE-2012-0648)\n\n - Cookies may be set by third-parties, even when Safari is configured to block them. (CVE-2012-0640)\n\n - If a site uses HTTP authentication and redirects to another site, the authentication credentials may be sent to the other site. (CVE-2012-0647)", "modified": "2018-11-15T00:00:00", "id": "SAFARI_5_1_4.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=58323", "published": "2012-03-12T00:00:00", "title": "Safari < 5.1.4 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58323);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2018/11/15 20:50:28\");\n\n script_cve_id(\n \"CVE-2011-2825\",\n \"CVE-2011-2833\",\n \"CVE-2011-2846\",\n \"CVE-2011-2847\",\n \"CVE-2011-2854\",\n \"CVE-2011-2855\",\n \"CVE-2011-2857\",\n \"CVE-2011-2860\",\n \"CVE-2011-2866\",\n \"CVE-2011-2867\",\n \"CVE-2011-2868\",\n \"CVE-2011-2869\",\n \"CVE-2011-2870\",\n \"CVE-2011-2871\",\n \"CVE-2011-2872\",\n \"CVE-2011-2873\",\n \"CVE-2011-2877\",\n \"CVE-2011-3881\",\n \"CVE-2011-3885\",\n \"CVE-2011-3886\",\n \"CVE-2011-3888\",\n \"CVE-2011-3897\",\n \"CVE-2011-3908\",\n \"CVE-2011-3909\",\n \"CVE-2011-3928\",\n \"CVE-2012-0584\",\n \"CVE-2012-0585\",\n \"CVE-2012-0586\",\n \"CVE-2012-0587\",\n \"CVE-2012-0588\",\n \"CVE-2012-0589\",\n \"CVE-2012-0590\",\n \"CVE-2012-0591\",\n \"CVE-2012-0592\",\n \"CVE-2012-0593\",\n \"CVE-2012-0594\",\n \"CVE-2012-0595\",\n \"CVE-2012-0596\",\n \"CVE-2012-0597\",\n \"CVE-2012-0598\",\n \"CVE-2012-0599\",\n \"CVE-2012-0600\",\n \"CVE-2012-0601\",\n \"CVE-2012-0602\",\n \"CVE-2012-0603\",\n \"CVE-2012-0604\",\n \"CVE-2012-0605\",\n \"CVE-2012-0606\",\n \"CVE-2012-0607\",\n \"CVE-2012-0608\",\n \"CVE-2012-0609\",\n \"CVE-2012-0610\",\n \"CVE-2012-0611\",\n \"CVE-2012-0612\",\n \"CVE-2012-0613\",\n \"CVE-2012-0614\",\n \"CVE-2012-0615\",\n \"CVE-2012-0616\",\n \"CVE-2012-0617\",\n \"CVE-2012-0618\",\n \"CVE-2012-0619\",\n \"CVE-2012-0620\",\n \"CVE-2012-0621\",\n \"CVE-2012-0622\",\n \"CVE-2012-0623\",\n \"CVE-2012-0624\",\n \"CVE-2012-0625\",\n \"CVE-2012-0626\",\n \"CVE-2012-0627\",\n \"CVE-2012-0628\",\n \"CVE-2012-0629\",\n \"CVE-2012-0630\",\n \"CVE-2012-0631\",\n \"CVE-2012-0632\",\n \"CVE-2012-0633\",\n \"CVE-2012-0635\",\n \"CVE-2012-0636\",\n \"CVE-2012-0637\",\n \"CVE-2012-0638\",\n \"CVE-2012-0639\",\n \"CVE-2012-0640\",\n \"CVE-2012-0647\",\n \"CVE-2012-0648\"\n );\n script_bugtraq_id(\n 49279,\n 49658,\n 49938,\n 50360,\n 50642,\n 51041,\n 51641,\n 52363,\n 52365,\n 52367,\n 52419,\n 52421,\n 52423,\n 52956,\n 53148\n );\n\n script_name(english:\"Safari < 5.1.4 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version number of Safari\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host contains a web browser that is affected by several\nissues.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of Safari installed on the remote host reportedly is\naffected by several issues :\n \n - Look-alike characters in a URL could be used to \n masquerade a website. (CVE-2012-0584)\n\n - Web page visits may be recorded in browser history even \n when private browsing is active. (CVE-2012-0585)\n\n - Multiple cross-site scripting issues existed in WebKit. \n (CVE-2011-3881, CVE-2012-0586, CVE-2012-0587, \n CVE-2012-0588, CVE-2012-0589)\n\n - A cross-origin issue existed in WebKit, which may allow \n cookies to be disclosed across origins. (CVE-2011-3887)\n\n - Visiting a maliciously crafted website and dragging \n content with the mouse may lead to a cross-site \n scripting attack. (CVE-2012-0590)\n\n - Multiple memory corruption issues existed in WebKit.\n (CVE-2011-2825, CVE-2011-2833, CVE-2011-2846, \n CVE-2011-2847, CVE-2011-2854, CVE-2011-2855, \n CVE-2011-2857, CVE-2011-2860, CVE-2011-2866, \n CVE-2011-2867, CVE-2011-2868, CVE-2011-2869,\n CVE-2011-2870, CVE-2011-2871, CVE-2011-2872, \n CVE-2011-2873, CVE-2011-2877, CVE-2011-3885, \n CVE-2011-3888, CVE-2011-3897, CVE-2011-3908, \n CVE-2011-3909, CVE-2011-3928, CVE-2012-0591,\n CVE-2012-0592, CVE-2012-0593, CVE-2012-0594, \n CVE-2012-0595, CVE-2012-0596, CVE-2012-0597, \n CVE-2012-0598, CVE-2012-0599, CVE-2012-0600, \n CVE-2012-0601, CVE-2012-0602, CVE-2012-0603,\n CVE-2012-0604, CVE-2012-0605, CVE-2012-0606, \n CVE-2012-0607, CVE-2012-0608, CVE-2012-0609, \n CVE-2012-0610, CVE-2012-0611, CVE-2012-0612, \n CVE-2012-0613, CVE-2012-0614, CVE-2012-0615,\n CVE-2012-0616, CVE-2012-0617, CVE-2012-0618, \n CVE-2012-0619, CVE-2012-0620, CVE-2012-0621, \n CVE-2012-0622, CVE-2012-0623, CVE-2012-0624, \n CVE-2012-0625, CVE-2012-0626, CVE-2012-0627,\n CVE-2012-0628, CVE-2012-0629, CVE-2012-0630, \n CVE-2012-0631, CVE-2012-0632, CVE-2012-0633, \n CVE-2012-0635, CVE-2012-0636, CVE-2012-0637, \n CVE-2012-0638, CVE-2012-0639, CVE-2012-0648)\n\n - Cookies may be set by third-parties, even when Safari \n is configured to block them. (CVE-2012-0640)\n\n - If a site uses HTTP authentication and redirects to \n another site, the authentication credentials may be \n sent to the other site. (CVE-2012-0647)\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-12-054/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-12-055/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-12-147/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/fulldisclosure/2012/Aug/267\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT5190\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Safari 5.1.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"safari_installed.nasl\");\n script_require_keys(\"SMB/Safari/FileVersion\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"SMB/Safari/FileVersion\");\n\nversion_ui = get_kb_item(\"SMB/Safari/ProductVersion\");\nif (isnull(version_ui)) version_ui = version;\n\nfixed_version = '5.34.54.16';\nfixed_version_ui = '5.1.4 (7534.54.16)';\n\nif (ver_compare(ver:version, fix:fixed_version) == -1)\n{\n set_kb_item(name: 'www/'+get_kb_item(\"SMB/transport\")+'/XSS', value: TRUE);\n \n if (report_verbosity > 0)\n {\n path = get_kb_item(\"SMB/Safari/Path\");\n if (isnull(path)) path = \"n/a\";\n\n report = \n '\\n Path : ' + path + \n '\\n Installed version : ' + version_ui + \n '\\n Fixed version : ' + fixed_version_ui + '\\n';\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n}\nelse exit(0, \"The Safari \" + version_ui + \" install is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2019-07-19T22:17:17", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome and is prone to multiple\n vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2011-10-28T00:00:00", "id": "OPENVAS:1361412562310802264", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802264", "title": "Google Chrome multiple vulnerabilities - October11 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome multiple vulnerabilities - October11 (Mac OS X)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802264\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2011-10-28 16:17:13 +0200 (Fri, 28 Oct 2011)\");\n script_cve_id(\"CVE-2011-2845\", \"CVE-2011-3875\", \"CVE-2011-3876\", \"CVE-2011-3877\",\n \"CVE-2011-3878\", \"CVE-2011-3879\", \"CVE-2011-3880\", \"CVE-2011-3881\",\n \"CVE-2011-3882\", \"CVE-2011-3883\", \"CVE-2011-3884\", \"CVE-2011-3885\",\n \"CVE-2011-3886\", \"CVE-2011-3887\", \"CVE-2011-3888\", \"CVE-2011-3889\",\n \"CVE-2011-3890\", \"CVE-2011-3891\");\n script_bugtraq_id(50360);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Google Chrome multiple vulnerabilities - October11 (Mac OS X)\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id/1026242\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html\");\n\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to execute arbitrary code,\n steal cookie-based authentication credentials, bypass the cross-origin\n restrictions, perform spoofing attacks, and disclose potentially sensitive\n information, other attacks may also be possible.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 15.0.874.102 on Mac OS X\");\n script_tag(name:\"insight\", value:\"For more details about the vulnerabilities refer the reference section.\");\n script_tag(name:\"solution\", value:\"Upgrade to the Google Chrome 15.0.874.102 or later.\");\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nchromeVer = get_kb_item(\"GoogleChrome/MacOSX/Version\");\nif(!chromeVer){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"15.0.874.102\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:16:45", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome and is prone to multiple\n vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2011-10-28T00:00:00", "id": "OPENVAS:1361412562310802263", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802263", "title": "Google Chrome multiple vulnerabilities - October11 (Linux)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome multiple vulnerabilities - October11 (Linux)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802263\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2011-10-28 16:17:13 +0200 (Fri, 28 Oct 2011)\");\n script_cve_id(\"CVE-2011-2845\", \"CVE-2011-3875\", \"CVE-2011-3876\", \"CVE-2011-3877\",\n \"CVE-2011-3878\", \"CVE-2011-3879\", \"CVE-2011-3880\", \"CVE-2011-3881\",\n \"CVE-2011-3882\", \"CVE-2011-3883\", \"CVE-2011-3884\", \"CVE-2011-3885\",\n \"CVE-2011-3886\", \"CVE-2011-3887\", \"CVE-2011-3888\", \"CVE-2011-3889\",\n \"CVE-2011-3890\", \"CVE-2011-3891\");\n script_bugtraq_id(50360);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Google Chrome multiple vulnerabilities - October11 (Linux)\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id/1026242\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html\");\n\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to execute arbitrary code,\n steal cookie-based authentication credentials, bypass the cross-origin\n restrictions, perform spoofing attacks, and disclose potentially sensitive\n information, other attacks may also be possible.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 15.0.874.102 on Linux\");\n script_tag(name:\"insight\", value:\"For more details about the vulnerabilities refer the reference section.\");\n script_tag(name:\"solution\", value:\"Upgrade to the Google Chrome 15.0.874.102 or later.\");\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome and is prone to multiple\n vulnerabilities.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nchromeVer = get_kb_item(\"Google-Chrome/Linux/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"15.0.874.102\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:17:07", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome and is prone to multiple\n vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2011-10-28T00:00:00", "id": "OPENVAS:1361412562310802262", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802262", "title": "Google Chrome Multiple Vulnerabilities - October11 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities - October11 (Windows)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802262\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2011-10-28 16:17:13 +0200 (Fri, 28 Oct 2011)\");\n script_cve_id(\"CVE-2011-2845\", \"CVE-2011-3875\", \"CVE-2011-3876\", \"CVE-2011-3877\",\n \"CVE-2011-3878\", \"CVE-2011-3879\", \"CVE-2011-3880\", \"CVE-2011-3881\",\n \"CVE-2011-3882\", \"CVE-2011-3883\", \"CVE-2011-3884\", \"CVE-2011-3885\",\n \"CVE-2011-3886\", \"CVE-2011-3887\", \"CVE-2011-3888\", \"CVE-2011-3889\",\n \"CVE-2011-3890\", \"CVE-2011-3891\");\n script_bugtraq_id(50360);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Google Chrome Multiple Vulnerabilities - October11 (Windows)\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id/1026242\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html\");\n\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to execute arbitrary code,\n steal cookie-based authentication credentials, bypass the cross-origin\n restrictions, perform spoofing attacks, and disclose potentially sensitive\n information, other attacks may also be possible.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 15.0.874.102 on Windows\");\n script_tag(name:\"insight\", value:\"For more details about the vulnerabilities refer the reference section.\");\n script_tag(name:\"solution\", value:\"Upgrade to the Google Chrome 15.0.874.102 or later.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome and is prone to multiple\n vulnerabilities.\");\n\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nchromeVer = get_kb_item(\"GoogleChrome/Win/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"15.0.874.102\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-09-05T11:22:35", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome and is prone to multiple\n vulnerabilities.", "modified": "2017-09-04T00:00:00", "published": "2011-10-28T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=802263", "id": "OPENVAS:802263", "title": "Google Chrome multiple vulnerabilities - October11 (Linux)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_mult_vuln_oct11_lin01.nasl 7052 2017-09-04 11:50:51Z teissa $\n#\n# Google Chrome multiple vulnerabilities - October11 (Linux)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to execute arbitrary code,\n steal cookie-based authentication credentials, bypass the cross-origin\n restrictions, perform spoofing attacks, and disclose potentially sensitive\n information, other attacks may also be possible.\n Impact Level: System/Application\";\ntag_affected = \"Google Chrome version prior to 15.0.874.102 on Linux\";\ntag_insight = \"For more details about the vulnerabilities refer the reference section.\";\ntag_solution = \"Upgrade to the Google Chrome 15.0.874.102 or later,\n For updates refer to http://www.google.com/chrome\";\ntag_summary = \"The host is installed with Google Chrome and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(802263);\n script_version(\"$Revision: 7052 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-09-04 13:50:51 +0200 (Mon, 04 Sep 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-28 16:17:13 +0200 (Fri, 28 Oct 2011)\");\n script_cve_id(\"CVE-2011-2845\", \"CVE-2011-3875\", \"CVE-2011-3876\", \"CVE-2011-3877\",\n \"CVE-2011-3878\", \"CVE-2011-3879\", \"CVE-2011-3880\", \"CVE-2011-3881\",\n \"CVE-2011-3882\", \"CVE-2011-3883\", \"CVE-2011-3884\", \"CVE-2011-3885\",\n \"CVE-2011-3886\", \"CVE-2011-3887\", \"CVE-2011-3888\", \"CVE-2011-3889\",\n \"CVE-2011-3890\", \"CVE-2011-3891\");\n script_bugtraq_id(50360);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Google Chrome multiple vulnerabilities - October11 (Linux)\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id/1026242\");\n script_xref(name : \"URL\" , value : \"http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html\");\n\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_require_keys(\"Google-Chrome/Linux/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Get the version from KB\nchromeVer = get_kb_item(\"Google-Chrome/Linux/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\n## Check for Google Chrome Version less than 15.0.874.102\nif(version_is_less(version:chromeVer, test_version:\"15.0.874.102\")){\n security_message(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-09-04T14:20:00", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome and is prone to multiple\n vulnerabilities.", "modified": "2017-08-28T00:00:00", "published": "2011-10-28T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=802264", "id": "OPENVAS:802264", "title": "Google Chrome multiple vulnerabilities - October11 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_mult_vuln_oct11_macosx01.nasl 7015 2017-08-28 11:51:24Z teissa $\n#\n# Google Chrome multiple vulnerabilities - October11 (Mac OS X)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to execute arbitrary code,\n steal cookie-based authentication credentials, bypass the cross-origin\n restrictions, perform spoofing attacks, and disclose potentially sensitive\n information, other attacks may also be possible.\n Impact Level: System/Application\";\ntag_affected = \"Google Chrome version prior to 15.0.874.102 on Mac OS X\";\ntag_insight = \"For more details about the vulnerabilities refer the reference section.\";\ntag_solution = \"Upgrade to the Google Chrome 15.0.874.102 or later,\n For updates refer to http://www.google.com/chrome\";\ntag_summary = \"The host is installed with Google Chrome and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(802264);\n script_version(\"$Revision: 7015 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-28 13:51:24 +0200 (Mon, 28 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-28 16:17:13 +0200 (Fri, 28 Oct 2011)\");\n script_cve_id(\"CVE-2011-2845\", \"CVE-2011-3875\", \"CVE-2011-3876\", \"CVE-2011-3877\",\n \"CVE-2011-3878\", \"CVE-2011-3879\", \"CVE-2011-3880\", \"CVE-2011-3881\",\n \"CVE-2011-3882\", \"CVE-2011-3883\", \"CVE-2011-3884\", \"CVE-2011-3885\",\n \"CVE-2011-3886\", \"CVE-2011-3887\", \"CVE-2011-3888\", \"CVE-2011-3889\",\n \"CVE-2011-3890\", \"CVE-2011-3891\");\n script_bugtraq_id(50360);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Google Chrome multiple vulnerabilities - October11 (Mac OS X)\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id/1026242\");\n script_xref(name : \"URL\" , value : \"http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html\");\n\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_require_keys(\"GoogleChrome/MacOSX/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Get the version from KB\nchromeVer = get_kb_item(\"GoogleChrome/MacOSX/Version\");\nif(!chromeVer){\n exit(0);\n}\n\n## Check for Google Chrome Version less than 15.0.874.102\nif(version_is_less(version:chromeVer, test_version:\"15.0.874.102\")){\n security_message(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-09-04T14:19:49", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome and is prone to multiple\n vulnerabilities.", "modified": "2017-08-30T00:00:00", "published": "2011-10-28T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=802262", "id": "OPENVAS:802262", "title": "Google Chrome Multiple Vulnerabilities - October11 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_mult_vuln_oct11_win01.nasl 7024 2017-08-30 11:51:43Z teissa $\n#\n# Google Chrome Multiple Vulnerabilities - October11 (Windows)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to execute arbitrary code,\n steal cookie-based authentication credentials, bypass the cross-origin\n restrictions, perform spoofing attacks, and disclose potentially sensitive\n information, other attacks may also be possible.\n Impact Level: System/Application\";\ntag_affected = \"Google Chrome version prior to 15.0.874.102 on Windows\";\ntag_insight = \"For more details about the vulnerabilities refer the reference section.\";\ntag_solution = \"Upgrade to the Google Chrome 15.0.874.102 or later,\n For updates refer to http://www.google.com/chrome\";\ntag_summary = \"The host is installed with Google Chrome and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(802262);\n script_version(\"$Revision: 7024 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-30 13:51:43 +0200 (Wed, 30 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-28 16:17:13 +0200 (Fri, 28 Oct 2011)\");\n script_cve_id(\"CVE-2011-2845\", \"CVE-2011-3875\", \"CVE-2011-3876\", \"CVE-2011-3877\",\n \"CVE-2011-3878\", \"CVE-2011-3879\", \"CVE-2011-3880\", \"CVE-2011-3881\",\n \"CVE-2011-3882\", \"CVE-2011-3883\", \"CVE-2011-3884\", \"CVE-2011-3885\",\n \"CVE-2011-3886\", \"CVE-2011-3887\", \"CVE-2011-3888\", \"CVE-2011-3889\",\n \"CVE-2011-3890\", \"CVE-2011-3891\");\n script_bugtraq_id(50360);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Google Chrome Multiple Vulnerabilities - October11 (Windows)\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id/1026242\");\n script_xref(name : \"URL\" , value : \"http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html\");\n\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_win.nasl\");\n script_require_keys(\"GoogleChrome/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Get the version from KB\nchromeVer = get_kb_item(\"GoogleChrome/Win/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\n## Check for Google Chrome Versions prior to 15.0.874.102\nif(version_is_less(version:chromeVer, test_version:\"15.0.874.102\")){\n security_message(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-09-04T14:20:16", "bulletinFamily": "scanner", "description": "The host is running Google Chrome and is prone to multiple\n vulnerabilities.", "modified": "2017-08-25T00:00:00", "published": "2011-09-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=902627", "id": "OPENVAS:902627", "title": "Google Chrome Multiple Vulnerabilities - Sep11 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_google_chrome_mult_vuln_sep11_win.nasl 7006 2017-08-25 11:51:20Z teissa $\n#\n# Google Chrome Multiple Vulnerabilities - Sep11 (Windows)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to execute arbitrary code in\n the context of the browser, inject scripts, bypass certain security\n restrictions, or cause a denial-of-service condition.\n Impact Level: System/Application\";\ntag_affected = \"Google Chrome version prior to 14.0.835.163 on Windows.\";\ntag_insight = \"For more information on the vulnerabilities refer to the links below.\";\ntag_solution = \"Upgrade to the Google Chrome 14.0.835.163 or later,\n For updates refer to http://www.google.com/chrome\";\ntag_summary = \"The host is running Google Chrome and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(902627);\n script_version(\"$Revision: 7006 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-25 13:51:20 +0200 (Fri, 25 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_cve_id(\"CVE-2011-2834\", \"CVE-2011-2835\", \"CVE-2011-2836\", \"CVE-2011-2838\",\n \"CVE-2011-2839\", \"CVE-2011-2840\", \"CVE-2011-2841\", \"CVE-2011-2843\",\n \"CVE-2011-2844\", \"CVE-2011-2846\", \"CVE-2011-2847\", \"CVE-2011-2848\",\n \"CVE-2011-2849\", \"CVE-2011-2850\", \"CVE-2011-2851\", \"CVE-2011-2852\",\n \"CVE-2011-2853\", \"CVE-2011-2854\", \"CVE-2011-2855\", \"CVE-2011-2856\",\n \"CVE-2011-2857\", \"CVE-2011-2858\", \"CVE-2011-2859\", \"CVE-2011-2860\",\n \"CVE-2011-2861\", \"CVE-2011-2862\", \"CVE-2011-2864\", \"CVE-2011-2874\",\n \"CVE-2011-2875\", \"CVE-2011-3234\", \"CVE-2011-2830\");\n script_bugtraq_id(49658);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Google Chrome Multiple Vulnerabilities - Sep11 (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/46049\");\n script_xref(name : \"URL\" , value : \"http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html\");\n\n script_copyright(\"Copyright (c) 2011 SecPod\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_win.nasl\");\n script_require_keys(\"GoogleChrome/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Get the version from KB\nchromeVer = get_kb_item(\"GoogleChrome/Win/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\n## Check for Google Chrome Version less than 14.0.835.163\nif(version_is_less(version:chromeVer, test_version:\"14.0.835.163\")){\n security_message(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-07-19T22:16:51", "bulletinFamily": "scanner", "description": "The host is running Google Chrome and is prone to multiple\n vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2011-09-23T00:00:00", "id": "OPENVAS:1361412562310902628", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902628", "title": "Google Chrome Multiple Vulnerabilities - Sep11 (Linux)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities - Sep11 (Linux)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902628\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_cve_id(\"CVE-2011-2834\", \"CVE-2011-2835\", \"CVE-2011-2836\", \"CVE-2011-2838\",\n \"CVE-2011-2839\", \"CVE-2011-2840\", \"CVE-2011-2841\", \"CVE-2011-2843\",\n \"CVE-2011-2844\", \"CVE-2011-2846\", \"CVE-2011-2847\", \"CVE-2011-2848\",\n \"CVE-2011-2849\", \"CVE-2011-2850\", \"CVE-2011-2851\", \"CVE-2011-2852\",\n \"CVE-2011-2853\", \"CVE-2011-2854\", \"CVE-2011-2855\", \"CVE-2011-2856\",\n \"CVE-2011-2857\", \"CVE-2011-2858\", \"CVE-2011-2859\", \"CVE-2011-2860\",\n \"CVE-2011-2861\", \"CVE-2011-2862\", \"CVE-2011-2864\", \"CVE-2011-2874\",\n \"CVE-2011-2875\", \"CVE-2011-3234\", \"CVE-2011-2837\", \"CVE-2011-2830\");\n script_bugtraq_id(49658);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Google Chrome Multiple Vulnerabilities - Sep11 (Linux)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/46049\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html\");\n\n script_copyright(\"Copyright (c) 2011 SecPod\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to execute arbitrary code in\n the context of the browser, inject scripts, bypass certain security\n restrictions, or cause a denial-of-service condition.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 14.0.835.163 on Linux.\");\n script_tag(name:\"insight\", value:\"For more information on the vulnerabilities refer to the links below.\");\n script_tag(name:\"solution\", value:\"Upgrade to the Google Chrome 14.0.835.163 or later.\");\n script_tag(name:\"summary\", value:\"The host is running Google Chrome and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nchromeVer = get_kb_item(\"Google-Chrome/Linux/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"14.0.835.163\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-09-04T14:19:39", "bulletinFamily": "scanner", "description": "The host is running Google Chrome and is prone to multiple\n vulnerabilities.", "modified": "2017-09-01T00:00:00", "published": "2011-09-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=902628", "id": "OPENVAS:902628", "title": "Google Chrome Multiple Vulnerabilities - Sep11 (Linux)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_google_chrome_mult_vuln_sep11_lin.nasl 7044 2017-09-01 11:50:59Z teissa $\n#\n# Google Chrome Multiple Vulnerabilities - Sep11 (Linux)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to execute arbitrary code in\n the context of the browser, inject scripts, bypass certain security\n restrictions, or cause a denial-of-service condition.\n Impact Level: System/Application\";\ntag_affected = \"Google Chrome version prior to 14.0.835.163 on Linux.\";\ntag_insight = \"For more information on the vulnerabilities refer to the links below.\";\ntag_solution = \"Upgrade to the Google Chrome 14.0.835.163 or later,\n For updates refer to http://www.google.com/chrome\";\ntag_summary = \"The host is running Google Chrome and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(902628);\n script_version(\"$Revision: 7044 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-09-01 13:50:59 +0200 (Fri, 01 Sep 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_cve_id(\"CVE-2011-2834\", \"CVE-2011-2835\", \"CVE-2011-2836\", \"CVE-2011-2838\",\n \"CVE-2011-2839\", \"CVE-2011-2840\", \"CVE-2011-2841\", \"CVE-2011-2843\",\n \"CVE-2011-2844\", \"CVE-2011-2846\", \"CVE-2011-2847\", \"CVE-2011-2848\",\n \"CVE-2011-2849\", \"CVE-2011-2850\", \"CVE-2011-2851\", \"CVE-2011-2852\",\n \"CVE-2011-2853\", \"CVE-2011-2854\", \"CVE-2011-2855\", \"CVE-2011-2856\",\n \"CVE-2011-2857\", \"CVE-2011-2858\", \"CVE-2011-2859\", \"CVE-2011-2860\",\n \"CVE-2011-2861\", \"CVE-2011-2862\", \"CVE-2011-2864\", \"CVE-2011-2874\",\n \"CVE-2011-2875\", \"CVE-2011-3234\", \"CVE-2011-2837\", \"CVE-2011-2830\");\n script_bugtraq_id(49658);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Google Chrome Multiple Vulnerabilities - Sep11 (Linux)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/46049\");\n script_xref(name : \"URL\" , value : \"http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html\");\n\n script_copyright(\"Copyright (c) 2011 SecPod\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_require_keys(\"Google-Chrome/Linux/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Get the version from KB\nchromeVer = get_kb_item(\"Google-Chrome/Linux/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\n## Check for Google Chrome Version less than 14.0.835.163\nif(version_is_less(version:chromeVer, test_version:\"14.0.835.163\")){\n security_message(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-09-04T14:20:10", "bulletinFamily": "scanner", "description": "The host is running Google Chrome and is prone to multiple\n vulnerabilities.", "modified": "2017-09-01T00:00:00", "published": "2011-09-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=902629", "id": "OPENVAS:902629", "title": "Google Chrome Multiple Vulnerabilities - Sep11 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_google_chrome_mult_vuln_sep11_macosx.nasl 7044 2017-09-01 11:50:59Z teissa $\n#\n# Google Chrome Multiple Vulnerabilities - Sep11 (Mac OS X)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to execute arbitrary code in\n the context of the browser, inject scripts, bypass certain security\n restrictions, or cause a denial-of-service condition.\n Impact Level: System/Application\";\ntag_affected = \"Google Chrome version prior to 14.0.835.163 on Mac OS X.\";\ntag_insight = \"For more information on the vulnerabilities refer to the links below.\";\ntag_solution = \"Upgrade to the Google Chrome 14.0.835.163 or later,\n For updates refer to http://www.google.com/chrome\";\ntag_summary = \"The host is running Google Chrome and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(902629);\n script_version(\"$Revision: 7044 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-09-01 13:50:59 +0200 (Fri, 01 Sep 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_cve_id(\"CVE-2011-2834\", \"CVE-2011-2835\", \"CVE-2011-2836\", \"CVE-2011-2838\",\n \"CVE-2011-2839\", \"CVE-2011-2840\", \"CVE-2011-2841\", \"CVE-2011-2843\",\n \"CVE-2011-2844\", \"CVE-2011-2846\", \"CVE-2011-2847\", \"CVE-2011-2848\",\n \"CVE-2011-2849\", \"CVE-2011-2850\", \"CVE-2011-2851\", \"CVE-2011-2852\",\n \"CVE-2011-2853\", \"CVE-2011-2854\", \"CVE-2011-2855\", \"CVE-2011-2856\",\n \"CVE-2011-2857\", \"CVE-2011-2858\", \"CVE-2011-2859\", \"CVE-2011-2860\",\n \"CVE-2011-2861\", \"CVE-2011-2862\", \"CVE-2011-2864\", \"CVE-2011-2874\",\n \"CVE-2011-2875\", \"CVE-2011-3234\", \"CVE-2011-2842\", \"CVE-2011-2830\");\n script_bugtraq_id(49658);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Google Chrome Multiple Vulnerabilities - Sep11 (Mac OS X)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/46049\");\n script_xref(name : \"URL\" , value : \"http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html\");\n\n script_copyright(\"Copyright (c) 2011 SecPod\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_require_keys(\"GoogleChrome/MacOSX/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Get the version from KB\nchromeVer = get_kb_item(\"GoogleChrome/MacOSX/Version\");\nif(!chromeVer){\n exit(0);\n}\n\n## Check for Google Chrome Version less than 14.0.835.163\nif(version_is_less(version:chromeVer, test_version:\"14.0.835.163\")){\n security_message(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "threatpost": [{"lastseen": "2018-10-06T23:04:34", "bulletinFamily": "info", "description": "[](<https://threatpost.com/google-fixes-27-bugs-chrome-15-102511/>)Google has fixed more than two dozen vulnerabilities in its Chrome browser and also implemented a defense against the BEAST SSL attack. The bugs fixed in the new version of Chrome include 11 high-severity flaws.\n\nAs part of its bug bounty program, Google paid more than $26,000 in rewards to researchers who reported bugs to the company that were fixed in the newest version of the browser. Among the more serious vulnerabilities fixed in Chrome is a series of same-origin policy violations (CVE-2011-3881) that were discovered and reported by a researcher named Sergey Glazunov. That submission alone earned him $12,174 in rewards.\n\nThe full list of bugs fixed in Chrome 15.0.874.102:\n\n * [$500] [[86758](<http://code.google.com/p/chromium/issues/detail?id=86758>)] High CVE-2011-2845: URL bar spoof in history handling. Credit to Jordi Chancel.\n * [[88949](<http://code.google.com/p/chromium/issues/detail?id=88949>)] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs. Credit to Jordi Chancel.\n * [[90217](<http://code.google.com/p/chromium/issues/detail?id=90217>)] Low CVE-2011-3876: Avoid stripping whitespace at the end of download filenames. Credit to Marc Novak.\n * [[91218](<http://code.google.com/p/chromium/issues/detail?id=91218>)] Low CVE-2011-3877: XSS in appcache internals page. Credit to Google Chrome Security Team (Tom Sepez) plus independent discovery by Juho Nurminen.\n * [[94487](<http://code.google.com/p/chromium/issues/detail?id=94487>)] Medium CVE-2011-3878: Race condition in worker process initialization. Credit to miaubiz.\n * [[95374](<http://code.google.com/p/chromium/issues/detail?id=95374>)] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs. Credit to Masato Kinugawa.\n * [[95992](<http://code.google.com/p/chromium/issues/detail?id=95992>)] Low CVE-2011-3880: Don\u2019t permit as a HTTP header delimiter. Credit to Vladimir Vorontsov, ONsec company.\n * [$12174] [[96047](<http://code.google.com/p/chromium/issues/detail?id=96047>)] [[96885](<http://code.google.com/p/chromium/issues/detail?id=96885>)] [[98053](<http://code.google.com/p/chromium/issues/detail?id=98053>)] [[99512](<http://code.google.com/p/chromium/issues/detail?id=99512>)] [[99750](<http://code.google.com/p/chromium/issues/detail?id=99750>)] High CVE-2011-3881: Cross-origin policy violations. Credit to Sergey Glazunov.\n * [[96292](<http://code.google.com/p/chromium/issues/detail?id=96292>)] High CVE-2011-3882: Use-after-free in media buffer handling. Credit to Google Chrome Security Team (Inferno).\n * [$1000] [[96902](<http://code.google.com/p/chromium/issues/detail?id=96902>)] High CVE-2011-3883: Use-after-free in counter handling. Credit to miaubiz.\n * [[97148](<http://code.google.com/p/chromium/issues/detail?id=97148>)] High CVE-2011-3884: Timing issues in DOM traversal. Credit to Brian Ryner of the Chromium development community.\n * [$6337] [[97599](<http://code.google.com/p/chromium/issues/detail?id=97599>)] [[98064](<http://code.google.com/p/chromium/issues/detail?id=98064>)] [[98556](<http://code.google.com/p/chromium/issues/detail?id=98556>)] [[99294](<http://code.google.com/p/chromium/issues/detail?id=99294>)] [[99880](<http://code.google.com/p/chromium/issues/detail?id=99880>)] [[100059](<http://code.google.com/p/chromium/issues/detail?id=100059>)] High CVE-2011-3885: Stale style bugs leading to use-after-free. Credit to miaubiz.\n * [$2000] [[98773](<http://code.google.com/p/chromium/issues/detail?id=98773>)] [[99167](<http://code.google.com/p/chromium/issues/detail?id=99167>)] High CVE-2011-3886: Out of bounds writes in v8. Credit to Christian Holler.\n * [$1500] [[98407](<http://code.google.com/p/chromium/issues/detail?id=98407>)] Medium CVE-2011-3887: Cookie theft with javascript URIs. Credit to Sergey Glazunov.\n * [$1000] [[99138](<http://code.google.com/p/chromium/issues/detail?id=99138>)] High CVE-2011-3888: Use-after-free with plug-in and editing. Credit to miaubiz.\n * [$2000] [[99211](<http://code.google.com/p/chromium/issues/detail?id=99211>)] High CVE-2011-3889: Heap overflow in Web Audio. Credit to miaubiz.\n * [[99553](<http://code.google.com/p/chromium/issues/detail?id=99553>)] High CVE-2011-3890: Use-after-free in video source handling. Credit to Ami Fischman of the Chromium development community.\n * [[100332](<http://code.google.com/p/chromium/issues/detail?id=100332>)] High CVE-2011-3891: Exposure of internal v8 functions. Credit to Steven Keuchel of the Chromium development community plus independent discovery by Daniel Divricean.\n\nChrome was not directly vulnerable to the [BEAST SSL ](<https://threatpost.com/new-attack-breaks-confidentiality-model-ssl-allows-theft-encrypted-cookies-091911/>)[attack](<https://threatpost.com/new-attack-breaks-confidentiality-model-ssl-allows-theft-encrypted-cookies-091911/>) that was developed by Thai Duong and Juliano Rizzo and disclosed a few weeks ago, but Google made a change to the browser to defend against such attacks anyway.\n\n\u201cAlthough Chrome is not directly affected by the attack, the NSS network library was updated to include a defense against so-called BEAST. This defense may expose bugs in Brocade hardware. Brocade is working on the issue,\u201d the company said in a [blog post](<http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+GoogleChromeReleases+%28Google+Chrome+Releases%29>).\n", "modified": "2013-04-17T16:33:31", "published": "2011-10-25T17:51:34", "id": "THREATPOST:319601D0EE38C0A8BD8C8EAD0F901F59", "href": "https://threatpost.com/google-fixes-27-bugs-chrome-15-102511/75798/", "type": "threatpost", "title": "Google Fixes 27 Bugs in Chrome 15", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-06T23:04:49", "bulletinFamily": "info", "description": "[](<https://threatpost.com/google-fixes-more-30-flaws-chrome-091611/>)Google has fixed more than 30 security vulnerabilities in its Chrome browser with a new version the company released on Friday. The company also paid out more than $14,000 in rewards to the various researchers who reported bugs that were fixed with Chrome 14.0.835.163. \n\nThe new [version of Chrome](<http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html>) includes fixes for 15 high-risk vulnerabilities, but none of the flaws in this release were rated critical by Google\u2019s security team. The highest payout for one of the fixed bugs was a $2337 reward for Sergey Glazunov, who reported a bug that caused unintended access to V8 objects in Chrome. Many of the bugs fixed in this version of the browser were discovered by Google\u2019s internal security team, which don\u2019t qualify for the reward. However, the company still paid out $14,337 in bounties with this release.\n\nInterestingly, Google also included a thank-you to a broad set of researchers\u2013including some at Microsoft and Apple\u2013for their work in helping to prevent certain flaws from ever making it into Chrome stable releases.\n\n\u201cIn addition, we would like to thank \u2018send.my.spam.to\u2019, \u2018Feiler89\u2019, miaubiz, The Microsoft Java Team / Microsoft Vulnerability Research (MSVR), Chris Rohlf of Matasano, Chamal de Silva, Christian Holler, \u2018simon.sarris\u2019 and Alexey Proskuryakov of Apple for working with us in the development cycle and preventing bugs from ever reaching the stable channel. Various rewards were issued,\u201d Google\u2019s blog post said.\n\nThe full list of fixes in Chrome is: \n\n * [[49377](<http://code.google.com/p/chromium/issues/detail?id=49377>)] High CVE-2011-2835: Race condition in the certificate cache. Credit to Ryan Sleevi of the Chromium development community.\n * [[51464](<http://code.google.com/p/chromium/issues/detail?id=51464>)] Low CVE-2011-2836: Infobar the Windows Media Player plug-in to avoid click-free access to the system Flash. Credit to electronixtar.\n * [Linux only] [[57908](<http://code.google.com/p/chromium/issues/detail?id=57908>)] Low CVE-2011-2837: Use PIC / pie compiler flags. Credit to wbrana.\n * [[75070](<http://code.google.com/p/chromium/issues/detail?id=75070>)] Low CVE-2011-2838: Treat MIME type more authoritatively when loading plug-ins. Credit to Michal Zalewski of the Google Security Team.\n * [[76771](<http://code.google.com/p/chromium/issues/detail?id=76771>)] High CVE-2011-2839: Crash in v8 script object wrappers. Credit to Kostya Serebryany of the Chromium development community.\n * [[78427](<http://code.google.com/p/chromium/issues/detail?id=78427>)] [[83031](<http://code.google.com/p/chromium/issues/detail?id=83031>)] Low CVE-2011-2840: Possible URL bar spoofs with unusual user interaction. Credit to kuzzcc.\n * [$500] [[78639](<http://code.google.com/p/chromium/issues/detail?id=78639>)] High CVE-2011-2841: Garbage collection error in PDF. Credit to Mario Gomes.\n * [Mac only] [[80680](<http://code.google.com/p/chromium/issues/detail?id=80680>)] Low CVE-2011-2842: Insecure lock file handling in the Mac installer. Credit to Aaron Sigel of vtty.com.\n * [[82438](<http://code.google.com/p/chromium/issues/detail?id=82438>)] Medium CVE-2011-2843: Out-of-bounds read with media buffers. Credit to Kostya Serebryany of the Chromium development community.\n * [[85041](<http://code.google.com/p/chromium/issues/detail?id=85041>)] Medium CVE-2011-2844: Out-of-bounds read with mp3 files. Credit to Mario Gomes.\n * [$1000] [[89219](<http://code.google.com/p/chromium/issues/detail?id=89219>)] High CVE-2011-2846: Use-after-free in unload event handling. Credit to Arthur Gerkis.\n * [$1000] [[89330](<http://code.google.com/p/chromium/issues/detail?id=89330>)] High CVE-2011-2847: Use-after-free in document loader. Credit to miaubiz.\n * [$500] [[89564](<http://code.google.com/p/chromium/issues/detail?id=89564>)] Medium CVE-2011-2848: URL bar spoof with forward button. Credit to Jordi Chancel.\n * [[89795](<http://code.google.com/p/chromium/issues/detail?id=89795>)] Low CVE-2011-2849: Browser NULL pointer crash with WebSockets. Credit to Arthur Gerkis.\n * [$500] [[89991](<http://code.google.com/p/chromium/issues/detail?id=89991>)] Medium CVE-2011-3234: Out-of-bounds read in box handling. Credit to miaubiz.\n * [[90134](<http://code.google.com/p/chromium/issues/detail?id=90134>)] Medium CVE-2011-2850: Out-of-bounds read with Khmer characters. Credit to miaubiz.\n * [[90173](<http://code.google.com/p/chromium/issues/detail?id=90173>)] Medium CVE-2011-2851: Out-of-bounds read in video handling. Credit to Google Chrome Security Team (Inferno).\n * [$500] [[91120](<http://code.google.com/p/chromium/issues/detail?id=91120>)] High CVE-2011-2852: Off-by-one in v8. Credit to Christian Holler.\n * [[91197](<http://code.google.com/p/chromium/issues/detail?id=91197>)] High CVE-2011-2853: Use-after-free in plug-in handling. Credit to Google Chrome Security Team (SkyLined).\n * [$1000] [[92651](<http://code.google.com/p/chromium/issues/detail?id=92651>)] [[94800](<http://code.google.com/p/chromium/issues/detail?id=94800>)] High CVE-2011-2854: Use-after-free in ruby / table style handing. Credit to S\u0142awomir B\u0142a\u017cek, and independent later discoveries by miaubiz and Google Chrome Security Team (Inferno).\n * [$1000] [[92959](<http://code.google.com/p/chromium/issues/detail?id=92959>)] High CVE-2011-2855: Stale node in stylesheet handling. Credit to Arthur Gerkis.\n * [$2000] [[93416](<http://code.google.com/p/chromium/issues/detail?id=93416>)] High CVE-2011-2856: Cross-origin bypass in v8. Credit to Daniel Divricean.\n * [$1000] [[93420](<http://code.google.com/p/chromium/issues/detail?id=93420>)] High CVE-2011-2857: Use-after-free in focus controller. Credit to miaubiz.\n * [$1000] [[93472](<http://code.google.com/p/chromium/issues/detail?id=93472>)] High CVE-2011-2834: Double free in libxml XPath handling. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences.\n * [[93497](<http://code.google.com/p/chromium/issues/detail?id=93497>)] Medium CVE-2011-2859: Incorrect permissions assigned to non-gallery pages. Credit to Bernhard \u2018Bruhns\u2019 Brehm of Recurity Labs.\n * [$1000] [[93587](<http://code.google.com/p/chromium/issues/detail?id=93587>)] High CVE-2011-2860: Use-after-free in table style handling. Credit to miaubiz.\n * [[93596](<http://code.google.com/p/chromium/issues/detail?id=93596>)] Medium CVE-2011-2861: Bad string read in PDF. Credit to Aki Helin of OUSPG.\n * [$2337] [[93906](<http://code.google.com/p/chromium/issues/detail?id=93906>)] High CVE-2011-2862: Unintended access to v8 built-in objects. Credit to Sergey Glazunov.\n * [[95563](<http://code.google.com/p/chromium/issues/detail?id=95563>)] Medium CVE-2011-2864: Out-of-bounds read with Tibetan characters. Credit to Google Chrome Security Team (Inferno).\n * [[95625](<http://code.google.com/p/chromium/issues/detail?id=95625>)] Medium CVE-2011-2858: Out-of-bounds read with triangle arrays. Credit to Google Chrome Security Team (Inferno).\n * [[95917](<http://code.google.com/p/chromium/issues/detail?id=95917>)] Low CVE-2011-2874: Failure to pin a self-signed cert for a session. Credit to Nishant Yadant of VMware and Craig Chamberlain (@randomuserid).\n * [$1000] [[95920](<http://code.google.com/p/chromium/issues/detail?id=95920>)] High CVE-2011-2852: Type confusion in v8 object sealing. Credit to Christian Holler.\n", "modified": "2013-04-17T16:33:45", "published": "2011-09-16T16:32:41", "id": "THREATPOST:56C48F4F377030474FAECBFB9640D3FB", "href": "https://threatpost.com/google-fixes-more-30-flaws-chrome-091611/75662/", "type": "threatpost", "title": "Google Fixes More Than 30 Flaws in Chrome", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-06T23:05:20", "bulletinFamily": "info", "description": "[](<https://threatpost.com/google-fixes-six-high-risk-bugs-chrome-pays-out-6k-bounties-062811/>)Google has fixed seven security vulnerabilities in its Chrome browser, including six high-priority flaws. The new release of Chrome is version 12.0.742.112 and also includes an updated version of Flash.\n\nThe [latest version of Chrome](<http://googlechromereleases.blogspot.com/2011/06/stable-channel-update_28.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+GoogleChromeReleases+%28Google+Chrome+Releases%29>) is the third major update from the company since just the end of May, as Google has become very aggressive in fixing bugs in the browser as quickly as possible. In this release, the company paid out a total of $6,000 in rewards to researchers who reported bugs. A researcher named Miabuiz took home $4,500 of that total for reporting five separate vulnerabilities.\n\nThe new version of the browser comes less than two weeks after the company pushed out the previous update for Chrome. On June 16 [Google fixed 15 security bugs in Chrome](<https://threatpost.com/google-fixes-15-bugs-chrome-gives-users-ability-delete-flash-cookies-060711/>) and also added a feature that enables users to delete Flash cookies in the same way that they can eliminate typical Web cookies.\n\nThe list of security bugs fixed in Chrome 12.0.742.112 is as follows: \n\n\n * [$1000] [[77493](<http://code.google.com/p/chromium/issues/detail?id=77493>)] Medium CVE-2011-2345: Out-of-bounds read in NPAPI string handling. Credit to Philippe Arteau.\n * [$1000] [[84355](<http://code.google.com/p/chromium/issues/detail?id=84355>)] High CVE-2011-2346: Use-after-free in SVG font handling. Credit to miaubiz.\n * [$1000] [[85003](<http://code.google.com/p/chromium/issues/detail?id=85003>)] High CVE-2011-2347: Memory corruption in CSS parsing. Credit to miaubiz.\n * [$500] [[85102](<http://code.google.com/p/chromium/issues/detail?id=85102>)] High CVE-2011-2350: Lifetime and re-entrancy issues in the HTML parser. Credit to miaubiz.\n * [$500] [[85177](<http://code.google.com/p/chromium/issues/detail?id=85177>)] High CVE-2011-2348: Bad bounds check in v8. Credit to Aki Helin of [OUSPG](<https://www.ee.oulu.fi/research/ouspg/>).\n * [$1000] [[85211](<http://code.google.com/p/chromium/issues/detail?id=85211>)] High CVE-2011-2351: Use-after-free with SVG use element. Credit to miaubiz.\n * [$1000] [[85418](<http://code.google.com/p/chromium/issues/detail?id=85418>)] High CVE-2011-2349: Use-after-free in text selection. Credit to miaubiz.\n", "modified": "2013-04-17T16:34:17", "published": "2011-06-28T17:46:35", "id": "THREATPOST:EFA18C0B8DDA565F15F18AD6D27B898B", "href": "https://threatpost.com/google-fixes-six-high-risk-bugs-chrome-pays-out-6k-bounties-062811/75377/", "type": "threatpost", "title": "Google Fixes Six High-Risk Bugs in Chrome, Pays Out $6k in Bounties", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:15", "bulletinFamily": "unix", "description": "### Background\n\nChromium is an open-source web browser project. V8 is Google's open source JavaScript engine. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. \n\n### Impact\n\nA local attacker could gain root privileges (CVE-2011-1444, fixed in chromium-11.0.696.57). \n\nA context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process, or a Denial of Service condition. The attacker also could obtain cookies and other sensitive information, conduct man-in-the-middle attacks, perform address bar spoofing, bypass the same origin policy, perform Cross-Site Scripting attacks, or bypass pop-up blocks. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-15.0.874.102\"\n \n\nAll V8 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/v8-3.5.10.22\"", "modified": "2011-11-01T00:00:00", "published": "2011-11-01T00:00:00", "id": "GLSA-201111-01", "href": "https://security.gentoo.org/glsa/201111-01", "type": "gentoo", "title": "Chromium, V8: Multiple vulnerabilities", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2019-05-29T18:11:12", "bulletinFamily": "NVD", "description": "Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text selection.", "modified": "2017-09-19T01:32:00", "id": "CVE-2011-2349", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2349", "published": "2011-06-29T17:55:00", "title": "CVE-2011-2349", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:11:15", "bulletinFamily": "NVD", "description": "Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to \"ruby / table style handing.\"", "modified": "2018-01-06T02:29:00", "id": "CVE-2011-2854", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2854", "published": "2011-09-19T12:02:00", "title": "CVE-2011-2854", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:11:12", "bulletinFamily": "NVD", "description": "The HTML parser in Google Chrome before 12.0.742.112 does not properly address \"lifetime and re-entrancy issues,\" which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.", "modified": "2017-09-19T01:32:00", "id": "CVE-2011-2350", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2350", "published": "2011-06-29T17:55:00", "title": "CVE-2011-2350", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:11:11", "bulletinFamily": "NVD", "description": "The NPAPI implementation in Google Chrome before 12.0.742.112 does not properly handle strings, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.", "modified": "2017-09-19T01:32:00", "id": "CVE-2011-2345", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2345", "published": "2011-06-29T17:55:00", "title": "CVE-2011-2345", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:11:16", "bulletinFamily": "NVD", "description": "Google V8, as used in Google Chrome before 14.0.835.163, does not properly restrict access to built-in objects, which has unspecified impact and remote attack vectors.", "modified": "2017-09-19T01:33:00", "id": "CVE-2011-2862", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2862", "published": "2011-09-19T12:02:00", "title": "CVE-2011-2862", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:11:22", "bulletinFamily": "NVD", "description": "Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to video source handling.", "modified": "2017-09-19T01:34:00", "id": "CVE-2011-3890", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3890", "published": "2011-10-25T19:55:00", "title": "CVE-2011-3890", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:11:15", "bulletinFamily": "NVD", "description": "Google Chrome before 14.0.835.163 does not properly process MP3 files, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.", "modified": "2017-09-19T01:33:00", "id": "CVE-2011-2844", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2844", "published": "2011-09-19T12:02:00", "title": "CVE-2011-2844", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:11:12", "bulletinFamily": "NVD", "description": "Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements.", "modified": "2017-09-19T01:32:00", "id": "CVE-2011-2351", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2351", "published": "2011-06-29T17:55:00", "title": "CVE-2011-2351", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:11:12", "bulletinFamily": "NVD", "description": "Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG fonts.", "modified": "2017-09-19T01:32:00", "id": "CVE-2011-2346", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2346", "published": "2011-06-29T17:55:00", "title": "CVE-2011-2346", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:11:15", "bulletinFamily": "NVD", "description": "Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.", "modified": "2017-09-19T01:33:00", "id": "CVE-2011-2856", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2856", "published": "2011-09-19T12:02:00", "title": "CVE-2011-2856", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2016-09-26T17:24:46", "bulletinFamily": "unix", "description": "\nGoogle Chrome Releases reports:\n\nFixed in 15.0.874.121:\n\t [103259] High CVE-2011-3900: Out-of-bounds write in v8. Credit to\n\t Christian Holler.\nFixed in 15.0.874.120:\n\t [100465] High CVE-2011-3892: Double free in Theora decoder. Credit\n\t to Aki Helin of OUSPG.\n\t [100492] [100543] Medium CVE-2011-3893: Out of bounds reads in MKV\n\t and Vorbis media handlers. Credit to Aki Helin of OUSPG.\n\t [101172] High CVE-2011-3894: Memory corruption regression in VP8\n\t decoding. Credit to Andrew Scherkus of the Chromium development\n\t community.\n\t [101458] High CVE-2011-3895: Heap overflow in Vorbis decoder.\n\t Credit to Aki Helin of OUSPG.\n\t [101624] High CVE-2011-3896: Buffer overflow in shader variable\n\t mapping. Credit to Ken \"strcpy\" Russell of the Chromium\n\t development community.\n\t [102242] High CVE-2011-3897: Use-after-free in editing. Credit to\n\t pa_kt reported through ZDI (ZDI-CAN-1416).\n\t [102461] Low CVE-2011-3898: Failure to ask for permission to run\n\t applets in JRE7. Credit to Google Chrome Security Team (Chris\n\t Evans).\nFixed in 15.0.874.102:\n\t [86758] High CVE-2011-2845: URL bar spoof in history handling.\n\t Credit to Jordi Chancel.\n\t [88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs.\n\t Credit to Jordi Chancel.\n\t [90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of\n\t download filenames. Credit to Marc Novak.\n\t [91218] Low CVE-2011-3877: XSS in appcache internals page. Credit\n\t to Google Chrome Security Team (Tom Sepez) plus independent\n\t discovery by Juho Nurminen.\n\t [94487] Medium CVE-2011-3878: Race condition in worker process\n\t initialization. Credit to miaubiz.\n\t [95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs.\n\t Credit to Masato Kinugawa.\n\t [95992] Low CVE-2011-3880: Don't permit as a HTTP header delimiter.\n\t Credit to Vladimir Vorontsov, ONsec company.\n\t [96047] [96885] [98053] [99512] [99750] High CVE-2011-3881:\n\t Cross-origin policy violations. Credit to Sergey Glazunov.\n\t [96292] High CVE-2011-3882: Use-after-free in media buffer handling.\n\t Credit to Google Chrome Security Team (Inferno).\n\t [96902] High CVE-2011-3883: Use-after-free in counter handling.\n\t Credit to miaubiz.\n\t [97148] High CVE-2011-3884: Timing issues in DOM traversal. Credit\n\t to Brian Ryner of the Chromium development community.\n\t [97599] [98064] [98556] [99294] [99880] [100059] High CVE-2011-3885:\n\t Stale style bugs leading to use-after-free. Credit to\n\t miaubiz.\n\t [98773] [99167] High CVE-2011-3886: Out of bounds writes in v8.\n\t Credit to Christian Holler.\n\t [98407] Medium CVE-2011-3887: Cookie theft with javascript URIs.\n\t Credit to Sergey Glazunov.\n\t [99138] High CVE-2011-3888: Use-after-free with plug-in and editing.\n\t Credit to miaubiz.\n\t [99211] High CVE-2011-3889: Heap overflow in Web Audio. Credit to\n\t miaubiz.\n\t [99553] High CVE-2011-3890: Use-after-free in video source handling.\n\t Credit to Ami Fischman of the Chromium development community.\n\t [100332] High CVE-2011-3891: Exposure of internal v8 functions.\n\t Credit to Steven Keuchel of the Chromium development community\n\t plus independent discovery by Daniel Divricean.\nFixed in 14.0.835.202:\n\t [93788] High CVE-2011-2876: Use-after-free in text line box\n\t handling. Credit to miaubiz.\n\t [95072] High CVE-2011-2877: Stale font in SVG text handling. Credit\n\t to miaubiz.\n\t [95671] High CVE-2011-2878: Inappropriate cross-origin access to the\n\t window prototype. Credit to Sergey Glazunov.\n\t [96150] High CVE-2011-2879: Lifetime and threading issues in audio\n\t node handling. Credit to Google Chrome Security Team\n\t (Inferno).\n\t [97451] [97520] [97615] High CVE-2011-2880: Use-after-free in the v8\n\t bindings. Credit to Sergey Glazunov.\n\t [97784] High CVE-2011-2881: Memory corruption with v8 hidden\n\t objects. Credit to Sergey Glazunov.\n\t [98089] Critical CVE-2011-3873: Memory corruption in shader\n\t translator. Credit to Zhenyao Mo of the Chromium development\n\t community.\nFixed in 14.0.835.163:\n\t [49377] High CVE-2011-2835: Race condition in the certificate cache.\t Credit to Ryan Sleevi of the Chromium development community.\n\t [51464] Low CVE-2011-2836: Infobar the Windows Media Player plug-in\n\t to avoid click-free access to the system Flash. Credit to\n\t electronixtar.\n\t [Linux only] [57908] Low CVE-2011-2837: Use PIC / pie compiler\n\t flags. Credit to wbrana.\n\t [75070] Low CVE-2011-2838: Treat MIME type more authoritatively when\n\t loading plug-ins. Credit to Michal Zalewski of the Google Security\n\t Team.\n\t [76771] High CVE-2011-2839: Crash in v8 script object wrappers.\n\t Credit to Kostya Serebryany of the Chromium development\n\t community.\n\t [78427] [83031] Low CVE-2011-2840: Possible URL bar spoofs with\n\t unusual user interaction. Credit to kuzzcc.\n\t [78639] High CVE-2011-2841: Garbage collection error in PDF. Credit\n\t to Mario Gomes.\n\t [82438] Medium CVE-2011-2843: Out-of-bounds read with media buffers.\n\t Credit to Kostya Serebryany of the Chromium development\n\t community.\n\t [85041] Medium CVE-2011-2844: Out-of-bounds read with mp3 files.\n\t Credit to Mario Gomes.\n\t [89219] High CVE-2011-2846: Use-after-free in unload event handling.\n\t Credit to Arthur Gerkis.\n\t [89330] High CVE-2011-2847: Use-after-free in document loader.\n\t Credit to miaubiz.\n\t [89564] Medium CVE-2011-2848: URL bar spoof with forward button.\n\t Credit to Jordi Chancel.\n\t [89795] Low CVE-2011-2849: Browser NULL pointer crash with\n\t WebSockets. Credit to Arthur Gerkis.\n\t [89991] Medium CVE-2011-3234: Out-of-bounds read in box handling.\n\t Credit to miaubiz.\n\t [90134] Medium CVE-2011-2850: Out-of-bounds read with Khmer\n\t characters. Credit to miaubiz.\n\t [90173] Medium CVE-2011-2851: Out-of-bounds read in video handling.\n\t Credit to Google Chrome Security Team (Inferno).\n\t [91120] High CVE-2011-2852: Off-by-one in v8. Credit to Christian\n\t Holler.\n\t [91197] High CVE-2011-2853: Use-after-free in plug-in handling.\n\t Credit to Google Chrome Security Team (SkyLined).\n\t [92651] [94800] High CVE-2011-2854: Use-after-free in ruby / table\n\t style handing. Credit to Slawomir Blazek, and independent later\n\t discoveries by miaubiz and Google Chrome Security Team\n\t (Inferno).\n\t [92959] High CVE-2011-2855: Stale node in stylesheet handling.\n\t Credit to Arthur Gerkis.\n\t [93416] High CVE-2011-2856: Cross-origin bypass in v8. Credit to\n\t Daniel Divricean.\n\t [93420] High CVE-2011-2857: Use-after-free in focus controller.\n\t Credit to miaubiz.\n\t [93472] High CVE-2011-2834: Double free in libxml XPath handling.\n\t Credit to Yang Dingning from NCNIPC, Graduate University of\n\t Chinese Academy of Sciences.\n\t [93497] Medium CVE-2011-2859: Incorrect permissions assigned to\n\t non-gallery pages. Credit to Bernhard \"Bruhns\" Brehm of Recurity\n\t Labs.\n\t [93587] High CVE-2011-2860: Use-after-free in table style handling.\n\t Credit to miaubiz.\n\t [93596] Medium CVE-2011-2861: Bad string read in PDF. Credit to Aki\n\t Helin of OUSPG.\n\t [93906] High CVE-2011-2862: Unintended access to v8 built-in\n\t objects. Credit to Sergey Glazunov.\n\t [95563] Medium CVE-2011-2864: Out-of-bounds read with Tibetan\n\t characters. Credit to Google Chrome Security Team (Inferno).\n\t [95625] Medium CVE-2011-2858: Out-of-bounds read with triangle\n\t arrays. Credit to Google Chrome Security Team (Inferno).\n\t [95917] Low CVE-2011-2874: Failure to pin a self-signed cert for a\n\t session. Credit to Nishant Yadant of VMware and Craig Chamberlain\n\t (@randomuserid).\n\t High CVE-2011-2875: Type confusion in v8 object sealing. Credit to\n\t Christian Holler.\nFixed in 13.0.782.215:\n\t [89402] High CVE-2011-2821: Double free in libxml XPath handling.\n\t Credit to Yang Dingning from NCNIPC, Graduate University of\n\t Chinese Academy of Sciences.\n\t [82552] High CVE-2011-2823: Use-after-free in line box handling.\n\t Credit to Google Chrome Security Team (SkyLined) and independent\n\t later discovery by miaubiz.\n\t [88216] High CVE-2011-2824: Use-after-free with counter nodes.\n\t Credit to miaubiz.\n\t [88670] High CVE-2011-2825: Use-after-free with custom fonts. Credit\n\t to wushi of team509 reported through ZDI (ZDI-CAN-1283), plus\n\t indepdendent later discovery by miaubiz.\n\t [87453] High CVE-2011-2826: Cross-origin violation with empty\n\t origins. Credit to Sergey Glazunov.\n\t [90668] High CVE-2011-2827: Use-after-free in text searching. Credit\n\t to miaubiz.\n\t [91517] High CVE-2011-2828: Out-of-bounds write in v8. Credit to\n\t Google Chrome Security Team (SkyLined).\n\t [32-bit only] [91598] High CVE-2011-2829: Integer overflow in\n\t uniform arrays. Credit to Sergey Glazunov.\n\t [Linux only] [91665] High CVE-2011-2839: Buggy memset() in PDF.\n\t Credit to Aki Helin of OUSPG.\nFixed in 13.0.782.107:\n\t [75821] Medium CVE-2011-2358: Always confirm an extension install\n\t via a browser dialog. Credit to Sergey Glazunov.\n\t [78841] High CVE-2011-2359: Stale pointer due to bad line box\n\t tracking in rendering. Credit to miaubiz and Martin Barbella.\n\t [79266] Low CVE-2011-2360: Potential bypass of dangerous file\n\t prompt. Credit to kuzzcc.\n\t [79426] Low CVE-2011-2361: Improve designation of strings in the\n\t basic auth dialog. Credit to kuzzcc.\n\t [Linux only] [81307] Medium CVE-2011-2782: File permissions error\n\t with drag and drop. Credit to Evan Martin of the Chromium\n\t development community.\n\t [83273] Medium CVE-2011-2783: Always confirm a developer mode NPAPI\n\t extension install via a browser dialog. Credit to Sergey\n\t Glazunov.\n\t [83841] Low CVE-2011-2784: Local file path disclosure via GL\n\t program log. Credit to kuzzcc.\n\t [84402] Low CVE-2011-2785: Sanitize the homepage URL in extensions.\n\t Credit to kuzzcc.\n\t [84600] Low CVE-2011-2786: Make sure the speech input bubble is\n\t always on-screen. Credit to Olli Pettay of Mozilla.\n\t [84805] Medium CVE-2011-2787: Browser crash due to GPU lock\n\t re-entrancy issue. Credit to kuzzcc.\n\t [85559] Low CVE-2011-2788: Buffer overflow in inspector\n\t serialization. Credit to Mikolaj Malecki.\n\t [85808] Medium CVE-2011-2789: Use after free in Pepper plug-in\n\t instantiation. Credit to Mario Gomes and kuzzcc.\n\t [86502] High CVE-2011-2790: Use-after-free with floating styles.\n\t Credit to miaubiz.\n\t [86900] High CVE-2011-2791: Out-of-bounds write in ICU. Credit to\n\t Yang Dingning from NCNIPC, Graduate University of Chinese Academy\n\t of Sciences.\n\t [87148] High CVE-2011-2792: Use-after-free with float removal.\n\t Credit to miaubiz.\n\t [87227] High CVE-2011-2793: Use-after-free in media selectors.\n\t Credit to miaubiz.\n\t [87298] Medium CVE-2011-2794: Out-of-bounds read in text iteration.\n\t Credit to miaubiz.\n\t [87339] Medium CVE-2011-2795: Cross-frame function leak. Credit to\n\t Shih Wei-Long.\n\t [87548] High CVE-2011-2796: Use-after-free in Skia. Credit to Google\n\t Chrome Security Team (Inferno) and Kostya Serebryany of the\n\t Chromium development community.\n\t [87729] High CVE-2011-2797: Use-after-free in resource caching.\n\t Credit to miaubiz.\n\t [87815] Low CVE-2011-2798: Prevent a couple of internal schemes from\n\t being web accessible. Credit to sirdarckcat of the Google Security\n\t Team.\n\t [87925] High CVE-2011-2799: Use-after-free in HTML range handling.\n\t Credit to miaubiz.\n\t [88337] Medium CVE-2011-2800: Leak of client-side redirect target.\n\t Credit to Juho Nurminen.\n\t [88591] High CVE-2011-2802: v8 crash with const lookups. Credit to\n\t Christian Holler.\n\t [88827] Medium CVE-2011-2803: Out-of-bounds read in Skia paths.\n\t Credit to Google Chrome Security Team (Inferno).\n\t [88846] High CVE-2011-2801: Use-after-free in frame loader. Credit\n\t to miaubiz.\n\t [88889] High CVE-2011-2818: Use-after-free in display box rendering.\n\t Credit to Martin Barbella.\n\t [89142] High CVE-2011-2804: PDF crash with nested functions. Credit\n\t to Aki Helin of OUSPG.\n\t [89520] High CVE-2011-2805: Cross-origin script injection. Credit to\n\t Sergey Glazunov.\n\t [90222] High CVE-2011-2819: Cross-origin violation in base URI\n\t handling. Credit to Sergey Glazunov.\nFixed in 12.0.742.112:\n\t [77493] Medium CVE-2011-2345: Out-of-bounds read in NPAPI string\n\t handling. Credit to Philippe Arteau.\n\t [84355] High CVE-2011-2346: Use-after-free in SVG font handling.\n\t Credit to miaubiz.\n\t [85003] High CVE-2011-2347: Memory corruption in CSS parsing. Credit\n\t to miaubiz.\n\t [85102] High CVE-2011-2350: Lifetime and re-entrancy issues in the\n\t HTML parser. Credit to miaubiz.\n\t [85177] High CVE-2011-2348: Bad bounds check in v8. Credit to Aki\n\t Helin of OUSPG.\n\t [85211] High CVE-2011-2351: Use-after-free with SVG use element.\n\t Credit to miaubiz.\n\t [85418] High CVE-2011-2349: Use-after-free in text selection. Credit\n\t to miaubiz.\nFixed in 12.0.742.91:\n\t [73962] [79746] High CVE-2011-1808: Use-after-free due to integer\n\t issues in float handling. Credit to miaubiz.\n\t [75496] Medium CVE-2011-1809: Use-after-free in accessibility\n\t support. Credit to Google Chrome Security Team (SkyLined).\n\t [75643] Low CVE-2011-1810: Visit history information leak in CSS.\n\t Credit to Jesse Mohrland of Microsoft and Microsoft Vulnerability\n\t Research (MSVR).\n\t [76034] Low CVE-2011-1811: Browser crash with lots of form\n\t submissions. Credit to \"DimitrisV22\".\n\t [77026] Medium CVE-2011-1812: Extensions permission bypass. Credit\n\t to kuzzcc.\n\t [78516] High CVE-2011-1813: Stale pointer in extension framework.\n\t Credit to Google Chrome Security Team (Inferno).\n\t [79362] Medium CVE-2011-1814: Read from uninitialized pointer.\n\t Credit to Eric Roman of the Chromium development community.\n\t [79862] Low CVE-2011-1815: Extension script injection into new tab\n\t page. Credit to kuzzcc.\n\t [80358] Medium CVE-2011-1816: Use-after-free in developer tools.\n\t Credit to kuzzcc.\n\t [81916] Medium CVE-2011-1817: Browser memory corruption in history\n\t deletion. Credit to Collin Payne.\n\t [81949] High CVE-2011-1818: Use-after-free in image loader. Credit\n\t to miaubiz.\n\t [83010] Medium CVE-2011-1819: Extension injection into chrome://\n\t pages. Credit to Vladislavas Jarmalis, plus subsequent\n\t independent discovery by Sergey Glazunov.\n\t [83275] High CVE-2011-2332: Same origin bypass in v8. Credit to\n\t Sergey Glazunov.\n\t [83743] High CVE-2011-2342: Same origin bypass in DOM. Credit to\n\t Sergey Glazunov.\nFixed in 11.0.696.71:\n\t [72189] Low CVE-2011-1801: Pop-up blocker bypass. Credit to Chamal\n\t De Silva.\n\t [82546] High CVE-2011-1804: Stale pointer in floats rendering.\n\t Credit to Martin Barbella.\n\t [82873] Critical CVE-2011-1806: Memory corruption in GPU command\n\t buffer. Credit to Google Chrome Security Team (Cris Neckar).\n\t [82903] Critical CVE-2011-1807: Out-of-bounds write in blob\n\t handling. Credit to Google Chrome Security Team (Inferno) and\n\t Kostya Serebryany of the Chromium development community.\nFixed in 11.0.696.68:\n\t [64046] High CVE-2011-1799: Bad casts in Chromium WebKit glue.\n\t Credit to Google Chrome Security Team (SkyLined).\n\t [80608] High CVE-2011-1800: Integer overflows in SVG filters.\n\t Credit to Google Chrome Security Team (Cris Neckar).\nFixed in 11.0.696.57:\n\t [61502] High CVE-2011-1303: Stale pointer in floating object\n\t handling. Credit to Scott Hess of the Chromium development\n\t community and Martin Barbella.\n\t [70538] Low CVE-2011-1304: Pop-up block bypass via plug-ins. Credit\n\t to Chamal De Silva.\n\t [Linux / Mac only] [70589] Medium CVE-2011-1305: Linked-list race\n\t in database handling. Credit to Kostya Serebryany of the\n\t Chromium development community.\n\t [71586] Medium CVE-2011-1434: Lack of thread safety in MIME\n\t handling. Credit to Aki Helin.\n\t [72523] Medium CVE-2011-1435: Bad extension with \"tabs\" permission\n\t can capture local files. Credit to Cole Snodgrass.\n\t [Linux only] [72910] Low CVE-2011-1436: Possible browser crash due\n\t to bad interaction with X. Credit to miaubiz.\n\t [73526] High CVE-2011-1437: Integer overflows in float rendering.\n\t Credit to miaubiz.\n\t [74653] High CVE-2011-1438: Same origin policy violation with\n\t blobs. Credit to kuzzcc.\n\t [Linux only] [74763] High CVE-2011-1439: Prevent interference\n\t between renderer processes. Credit to Julien Tinnes of the\n\t Google Security Team.\n\t [75186] High CVE-2011-1440: Use-after-free with <ruby> tag\n\t and CSS. Credit to Jose A. Vazquez.\n\t [75347] High CVE-2011-1441: Bad cast with floating select lists.\n\t Credit to Michael Griffiths.\n\t [75801] High CVE-2011-1442: Corrupt node trees with mutation events.\n\t Credit to Sergey Glazunov and wushi of team 509.\n\t [76001] High CVE-2011-1443: Stale pointers in layering code. Credit\n\t to Martin Barbella.\n\t [Linux only] [76542] High CVE-2011-1444: Race condition in sandbox\n\t launcher. Credit to Dan Rosenberg.\n\t Medium CVE-2011-1445: Out-of-bounds read in SVG. Credit to wushi of\n\t team509.\n\t [76666] [77507] [78031] High CVE-2011-1446: Possible URL bar spoofs\n\t with navigation errors and interrupted loads. Credit to\n\t kuzzcc.\n\t [76966] High CVE-2011-1447: Stale pointer in drop-down list\n\t handling. Credit to miaubiz.\n\t [77130] High CVE-2011-1448: Stale pointer in height calculations.\n\t Credit to wushi of team509.\n\t [77346] High CVE-2011-1449: Use-after-free in WebSockets. Credit to\n\t Marek Majkowski.\n\t Low CVE-2011-1450: Dangling pointers in file dialogs. Credit to\n\t kuzzcc.\n\t [77463] High CVE-2011-1451: Dangling pointers in DOM id map. Credit\n\t to Sergey Glazunov.\n\t [77786] Medium CVE-2011-1452: URL bar spoof with redirect and manual\n\t reload. Credit to Jordi Chancel.\n\t [79199] High CVE-2011-1454: Use-after-free in DOM id handling.\n\t Credit to Sergey Glazunov.\n\t [79361] Medium CVE-2011-1455: Out-of-bounds read with\n\t multipart-encoded PDF. Credit to Eric Roman of the Chromium\n\t development community.\n\t [79364] High CVE-2011-1456: Stale pointers with PDF forms. Credit to\n\t Eric Roman of the Chromium development community.\nFixed in 10.0.648.205:\n\t [75629] Critical CVE-2011-1301: Use-after-free in the GPU process.\n\t Credit to Google Chrome Security Team (Inferno).\n\t [78524] Critical CVE-2011-1302: Heap overflow in the GPU process.\n\t Credit to Christoph Diehl.\nFixed in 10.0.648.204:\n\t [72517] High CVE-2011-1291: Buffer error in base string handling.\n\t Credit to Alex Turpin.\n\t [73216] High CVE-2011-1292: Use-after-free in the frame loader.\n\t Credit to Slawomir Blazek.\n\t [73595] High CVE-2011-1293: Use-after-free in HTMLCollection.\n\t Credit to Sergey Glazunov.\n\t [74562] High CVE-2011-1294: Stale pointer in CSS handling.\n\t Credit to Sergey Glazunov.\n\t [74991] High CVE-2011-1295: DOM tree corruption with broken node\n\t parentage. Credit to Sergey Glazunov.\n\t [75170] High CVE-2011-1296: Stale pointer in SVG text handling.\n\t Credit to Sergey Glazunov.\nFixed in 10.0.648.133:\n\t [75712] High Memory corruption in style handling.\n\t Credit to Vincenzo Iozzo, Ralf Philipp Weinmann and Willem\n\t Pinckaers reported through ZDI.\nFixed in 10.0.648.127:\n\t [42765] Low Possible to navigate or close the top location in a\n\t sandboxed frame. Credit to sirdarckcat of the Google Security\n\t Team.\n\t [Linux only] [49747] Low Work around an X server bug and crash with\n\t long messages. Credit to Louis Lang.\n\t [Linux only] [66962] Low Possible browser crash with parallel\n\t print()s. Credit to Aki Helin of OUSPG.\n\t [69187] Medium Cross-origin error message leak. Credit to Daniel\n\t Divricean.\n\t [69628] High Memory corruption with counter nodes. Credit to Martin\n\t Barbella.\n\t [70027] High Stale node in box layout. Credit to Martin\n\t Barbella.\n\t [70336] Medium Cross-origin error message leak with workers. Credit\n\t to Daniel Divricean.\n\t [70442] High Use after free with DOM URL handling. Credit to Sergey\n\t Glazunov.\n\t [Linux only] [70779] Medium Out of bounds read handling unicode\n\t ranges. Credit to miaubiz.\n\t [70877] High Same origin policy bypass in v8. Credit to Daniel\n\t Divricean.\n\t [70885] [71167] Low Pop-up blocker bypasses. Credit to Chamal de\n\t Silva.\n\t [71763] High Use-after-free in document script lifetime handling.\n\t Credit to miaubiz.\n\t [71788] High Out-of-bounds write in the OGG container. Credit to\n\t Google Chrome Security Team (SkyLined); plus subsequent\n\t independent discovery by David Weston of Microsoft and MSVR.\n\t [72028] High Stale pointer in table painting. Credit to Martin\n\t Barbella.\n\t [73026] High Use of corrupt out-of-bounds structure in video code.\n\t Credit to Tavis Ormandy of the Google Security Team.\n\t [73066] High Crash with the DataView object. Credit to Sergey\n\t Glazunov.\n\t [73134] High Bad cast in text rendering. Credit to miaubiz.\n\t [73196] High Stale pointer in WebKit context code. Credit to Sergey\n\t Glazunov.\n\t [73716] Low Leak of heap address in XSLT. Credit to Google Chrome\n\t Security Team (Chris Evans).\n\t [73746] High Stale pointer with SVG cursors. Credit to Sergey\n\t Glazunov.\n\t [74030] High DOM tree corruption with attribute handling. Credit to\n\t Sergey Glazunov.\n\t [74662] High Corruption via re-entrancy of RegExp code. Credit to\n\t Christian Holler.\n\t [74675] High Invalid memory access in v8. Credit to Christian\n\t Holler.\nFixed in 9.0.597.107:\n\t [54262] High URL bar spoof. Credit to Jordi Chancel.\n\t [63732] High Crash with javascript dialogs. Credit to Sergey\n\t Radchenko.\n\t [68263] High Stylesheet node stale pointer. Credit to Sergey\n\t Glazunov.\n\t [68741] High Stale pointer with key frame rule. Credit to Sergey\n\t Glazunov.\n\t [70078] High Crash with forms controls. Credit to Stefan van\n\t Zanden.\n\t [70244] High Crash in SVG rendering. Credit to Slawomir Blazek.\n\t [64-bit Linux only] [70376] Medium Out-of-bounds read in pickle\n\t deserialization. Credit to Evgeniy Stepanov of the Chromium\n\t development community.\n\t [71114] High Stale node in table handling. Credit to Martin\n\t Barbella.\n\t [71115] High Stale pointer in table rendering. Credit to Martin\n\t Barbella.\n\t [71296] High Stale pointer in SVG animations. Credit to\n\t miaubiz.\n\t [71386] High Stale nodes in XHTML. Credit to wushi of team509.\n\t [71388] High Crash in textarea handling. Credit to wushi of\n\t team509.\n\t [71595] High Stale pointer in device orientation. Credit to Sergey\n\t Glazunov.\n\t [71717] Medium Out-of-bounds read in WebGL. Credit to miaubiz.\n\t [71855] High Integer overflow in textarea handling. Credit to\n\t miaubiz.\n\t [71960] Medium Out-of-bounds read in WebGL. Credit to Google Chrome\n\t Security Team (Inferno).\n\t [72214] High Accidental exposure of internal extension functions.\n\t Credit to Tavis Ormandy of the Google Security Team.\n\t [72437] High Use-after-free with blocked plug-ins. Credit to Chamal\n\t de Silva.\n\t [73235] High Stale pointer in layout. Credit to Martin Barbella.\nFixed in 9.0.597.94:\n\t [67234] High Stale pointer in animation event handling. Credit to\n\t Rik Cabanier.\n\t [68120] High Use-after-free in SVG font faces. Credit to\n\t miaubiz.\n\t [69556] High Stale pointer with anonymous block handling. Credit to\n\t Martin Barbella.\n\t [69970] Medium Out-of-bounds read in plug-in handling. Credit to\n\t Bill Budge of Google.\n\t [70456] Medium Possible failure to terminate process on\n\t out-of-memory condition. Credit to David Warren of CERT/CC.\nFixed in 9.0.597.84:\n\t [Mac only] [42989] Low Minor sandbox leak via stat(). Credit to\n\t Daniel Cheng of the Chromium development community.\n\t [55831] High Use-after-free in image loading. Credit to Aki\n\t Helin of OUSPG.\n\t [59081] Low Apply some restrictions to cross-origin drag + drop.\n\t Credit to Google Chrome Security Team (SkyLined) and the Google\n\t Security Team (Michal Zalewski, David Bloom).\n\t [62791] Low Browser crash with extension with missing key. Credit\n\t to Brian Kirchoff.\n\t [64051] High Crashing when printing in PDF event handler. Credit to\n\t Aki Helin of OUSPG.\n\t [65669] Low Handle merging of autofill profiles more gracefully.\n\t Credit to Google Chrome Security Team (Inferno).\n\t [Mac only] [66931] Low Work around a crash in the Mac OS 10.5 SSL\n\t libraries. Credit to Dan Morrison.\n\t [68244] Low Browser crash with bad volume setting. Credit to\n\t Matthew Heidermann.\n\t [69195] Critical Race condition in audio handling. Credit to the\n\t gamers of Reddit!\nFixed in 8.0.552.237:\n\t [58053] Medium Browser crash in extensions notification handling.\n\t Credit to Eric Roman of the Chromium development community.\n\t [65764] High Bad pointer handling in node iteration. Credit to\n\t Sergey Glazunov.\n\t [66334] High Crashes when printing multi-page PDFs. Credit to\n\t Google Chrome Security Team (Chris Evans).\n\t [66560] High Stale pointer with CSS + canvas. Credit to Sergey\n\t Glazunov.\n\t [66748] High Stale pointer with CSS + cursors. Credit to Jan\n\t Tosovsk.\n\t [67100] High Use after free in PDF page handling. Credit to Google\n\t Chrome Security Team (Chris Evans).\n\t [67208] High Stack corruption after PDF out-of-memory condition.\n\t Credit to Jared Allar of CERT.\n\t [67303] High Bad memory access with mismatched video frame sizes.\n\t Credit to Aki Helin of OUSPG; plus independent discovery by\n\t Google Chrome Security Team (SkyLined) and David Warren of\n\t CERT.\n\t [67363] High Stale pointer with SVG use element. Credited\n\t anonymously; plus indepdent discovery by miaubiz.\n\t [67393] Medium Uninitialized pointer in the browser triggered by\n\t rogue extension. Credit to kuzzcc.\n\t [68115] High Vorbis decoder buffer overflows. Credit to David\n\t Warren of CERT.\n\t [68170] High Buffer overflow in PDF shading. Credit to Aki Helin of\n\t OUSPG.\n\t [68178] High Bad cast in anchor handling. Credit to Sergey\n\t Glazunov.\n\t [68181] High Bad cast in video handling. Credit to Sergey\n\t Glazunov.\n\t [68439] High Stale rendering node after DOM node removal. Credit to\n\t Martin Barbella; plus independent discovery by Google Chrome\n\t Security Team (SkyLined).\n\t [68666] Critical Stale pointer in speech handling. Credit to Sergey\n\t Glazunov.\nFixed in 8.0.552.224:\n\t [64-bit Linux only] [56449] High Bad validation for message\n\t deserialization on 64-bit builds. Credit to Lei Zhang of the\n\t Chromium development community.\n\t [60761] Medium Bad extension can cause browser crash in tab\n\t handling. Credit to kuzzcc.\n\t [63529] Low Browser crash with NULL pointer in web worker handling.\n\t Credit to Nathan Weizenbaum of Google.\n\t [63866] Medium Out-of-bounds read in CSS parsing. Credit to Chris\n\t Rohlf.\n\t [64959] High Stale pointers in cursor handling. Credit to Slawomir\n\t Blazek and Sergey Glazunov.\nFixed in 8.0.552.215:\n\t [17655] Low Possible pop-up blocker bypass. Credit to Google Chrome\n\t Security Team (SkyLined).\n\t [55745] Medium Cross-origin video theft with canvas. Credit to\n\t Nirankush Panchbhai and Microsoft Vulnerability Research\n\t (MSVR).\n\t [56237] Low Browser crash with HTML5 databases. Credit to Google\n\t Chrome Security Team (Inferno).\n\t [58319] Low Prevent excessive file dialogs, possibly leading to\n\t browser crash. Credit to Cezary Tomczak (gosu.pl).\n\t [59554] High Use after free in history handling. Credit to Stefan\n\t Troger.\n\t [Linux / Mac] [59817] Medium Make sure the \"dangerous file types\"\n\t list is uptodate with the Windows platforms. Credit to Billy Rios\n\t of the Google Security Team.\n\t [61701] Low Browser crash with HTTP proxy authentication. Credit to\n\t Mohammed Bouhlel.\n\t [61653] Medium Out-of-bounds read regression in WebM video support.\n\t Credit to Google Chrome Security Team (Chris Evans), based on\n\t earlier testcases from Mozilla and Microsoft (MSVR).\n\t [62127] High Crash due to bad indexing with malformed video. Credit\n\t to miaubiz.\n\t [62168] Medium Possible browser memory corruption via malicious\n\t privileged extension. Credit to kuzzcc.\n\t [62401] High Use after free with SVG animations. Credit to Slawomir\n\t Blazek.\n\t [63051] Medium Use after free in mouse dragging event handling.\n\t Credit to kuzzcc.\n\t [63444] High Double free in XPath handling. Credit to Yang Dingning\n\t from NCNIPC, Graduate University of Chinese Academy of Sciences.\nFixed in 7.0.517.44:\n\t [51602] High Use-after-free in text editing. Credit to David Bloom\n\t of the Google Security Team, Google Chrome Security Team (Inferno)\n\t and Google Chrome Security Team (Cris Neckar).\n\t [55257] High Memory corruption with enormous text area. Credit to\n\t wushi of team509.\n\t [58657] High Bad cast with the SVG use element. Credit to the\n\t kuzzcc.\n\t [58731] High Invalid memory read in XPath handling. Credit to Bui\n\t Quang Minh from Bkis (www.bkis.com).\n\t [58741] High Use-after-free in text control selections. Credit to\n\t \"vkouchna\".\n\t [Linux only] [59320] High Integer overflows in font handling. Credit\n\t to Aki Helin of OUSPG.\n\t [60055] High Memory corruption in libvpx. Credit to Christoph\n\t Diehl.\n\t [60238] High Bad use of destroyed frame object. Credit to various\n\t developers, including \"gundlach\".\n\t [60327] [60769] [61255] High Type confusions with event objects.\n\t Credit to \"fam.lam\" and Google Chrome Security Team\n\t (Inferno).\n\t [60688] High Out-of-bounds array access in SVG handling. Credit to\n\t wushi of team509.\nFixed in 7.0.517.43:\n\t [48225] [51727] Medium Possible autofill / autocomplete profile\n\t spamming. Credit to Google Chrome Security Team (Inferno).\n\t [48857] High Crash with forms. Credit to the Chromium development\n\t community.\n\t [50428] Critical Browser crash with form autofill. Credit to the\n\t Chromium development community.\n\t [51680] High Possible URL spoofing on page unload. Credit to kuzzcc;\n\t plus independent discovery by Jordi Chancel.\n\t [53002] Low Pop-up block bypass. Credit to kuzzcc.\n\t [53985] Medium Crash on shutdown with Web Sockets. Credit to the\n\t Chromium development community.\n\t [Linux only] [54132] Low Bad construction of PATH variable. Credit\n\t to Dan Rosenberg, Virtual Security Research.\n\t [54500] High Possible memory corruption with animated GIF. Credit to\n\t Simon Schaak.\n\t [Linux only] [54794] High Failure to sandbox worker processes on\n\t Linux. Credit to Google Chrome Security Team (Chris Evans).\n\t [56451] High Stale elements in an element map. Credit to Michal\n\t Zalewski of the Google Security Team.\n\n", "modified": "2011-11-17T00:00:00", "published": "2010-10-19T00:00:00", "href": "https://vuxml.freebsd.org/freebsd/6887828f-0229-11e0-b84d-00262d5ed8ee.html", "id": "6887828F-0229-11E0-B84D-00262D5ED8EE", "title": "chromium -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T17:59:01", "bulletinFamily": "exploit", "description": "No description provided by source.", "modified": "2011-10-05T00:00:00", "published": "2011-10-05T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20968", "id": "SSV:20968", "title": "Google Chrome &lt; 14.0.835.163 PDF File Handling Memory Corruption", "type": "seebug", "sourceData": "\n ----------------Security Adisory----------------\r\n \r\nTitle: Google Chrome &lt; 14.0.835.163 PDF File Handling Memory Corruption Vulnerability (CVE-2011-2841)\r\nSec-Security: Hich\r\nCVE-Number: CVE-2011-2841\r\nDate of discovery: 04/06/2011(MM/DD/YYYY)\r\nFix date: 06/28/2011(MM/DD/YYYY)\r\nFixed Version: Google Chrome &gt;= 14.0.835.163\r\nDiscovered by: Mario Gomes\r\n \r\n \r\n----------------Summary----------------\r\n \r\nGoogle Chrome is a web browser developed by Google that uses the WebKit layout engine.\r\nIt was first released as a beta version for Microsoft Windows on September 2, 2008, and the public stable release was on December 11, 2008.\r\nThe name is derived from the graphical user interface frame, or &quot;chrome&quot;, of web browsers.\r\nAs of August 2011, Chrome is the third most widely used browser with 23.16% worldwide usage share of web browsers, according to StatCounter.(From Wikipedia)\r\n \r\n \r\n \r\n----------------Description----------------\r\n \r\nGoogle Chrome suffers from a memory corruption vulnerability that occurs in the manipulation of PDF files.\r\nThe failure occurs when the browser opens an HTML file that contains multiple tag &lt;IFRAME&gt; pointing to a PDF file.\r\nSo it is a memory corruption flaw allows code to run within the sandbox.\r\n \r\n \r\n----------------Stacktrace----------------\r\n \r\nThis stracktrace shows a clear memory corruption, because I do not have the symbols of Google's PDF viewer can not give more details.\r\n \r\n(648.41c): Access violation - code c0000005 (first chance)\r\nFirst chance exceptions are reported before any exception handling.\r\nThis exception may be expected and handled.\r\neax=049c4000 ebx=0000efee ecx=049bc7a0 edx=841d63b9 esi=00000000 edi=049bf000\r\neip=6f3f9332 esp=002feaa0 ebp=002feac4 iopl=0 nv up ei pl nz na pe nc\r\ncs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210206\r\n*** ERROR: Symbol file could not be found. Defaulted to export symbols for D:\\Users\\Cassio\\AppData\\Local\\Google\\Chrome\\Application\\12.0.742.91\\pdf.dll -\r\npdf!PPP_GetInterface+0x17be62:\r\n6f3f9332 8b08 mov ecx,dword ptr [eax] ds:0023:049c4000=????????\r\nStacktrace:\r\npdf!PPP_GetInterface+0x17be62\r\npdf!PPP_GetInterface+0x17430f\r\npdf!PPP_GetInterface+0x172fe1\r\npdf!PPP_GetInterface+0x28d40\r\npdf!PPP_GetInterface+0x11db6\r\npdf!GetPDFDocInfo+0x1944f\r\npdf!GetPDFDocInfo+0x18cce\r\npdf!GetPDFDocInfo+0x1868c\r\npdf!GetPDFDocInfo+0x85ae\r\npdf!GetPDFDocInfo+0x4432\r\npdf+0x64d0\r\npdf!GetPDFDocInfo+0x6f42\r\npdf!GetPDFDocInfo+0x6d0e\r\npdf!GetPDFDocInfo+0x49e0\r\npdf!GetPDFDocInfo+0x37be\r\npdf!GetPDFDocInfo+0x3792\r\npdf!GetPDFDocInfo+0x3db1\r\nchrome_63700000!WebCore::DocumentLoader::finishedLoading+0x31\r\nchrome_63700000!WebCore::FrameLoader::finishedLoading+0x26\r\nchrome_63700000!WebCore::MainResourceLoader::didFinishLoading+0x5c\r\nchrome_63700000!WebCore::ResourceLoader::didFinishLoading+0xe\r\nchrome_63700000!WebCore::ResourceHandleInternal::didFinishLoading+0x35\r\nchrome_63700000!webkit_glue::WebURLLoaderImpl::Context::OnCompletedRequest+0x10c\r\nchrome_63700000!ResourceDispatcher::OnRequestComplete+0x43\r\nchrome_63700000!IPC::MessageWithTuple&lt;Tuple4&lt;int,net::URLRequestStatus,std::basic_string&lt;char,std::char_traits&lt;char&gt;,std::alloc+0x4d\r\nchrome_63700000!ResourceDispatcher::DispatchMessageW+0x4f\r\nchrome_63700000!ResourceDispatcher::OnMessageReceived+0xbb\r\nchrome_63700000!ChildThread::OnMessageReceived+0x1b\r\nchrome_63700000!RunnableMethod&lt;notifier::MediatorThreadImpl::Core,void (__thiscall notifier::MediatorThreadImpl::Core::*)(std::+0x17\r\nchrome_63700000!MessageLoop::RunTask+0x7d\r\nchrome_63700000!MessageLoop::DeferOrRunPendingTask+0x28\r\nchrome_63700000!MessageLoop::DoWork+0x71\r\nchrome_63700000!base::MessagePumpDefault::Run+0xc2\r\nchrome_63700000!MessageLoop::RunInternal+0x31\r\nchrome_63700000!MessageLoop::RunHandler+0x17\r\nchrome_63700000!MessageLoop::Run+0x15\r\nchrome_63700000!RendererMain+0x309\r\nchrome_63700000!ChromeMain+0x653\r\nchrome!MainDllLoader::Launch+0xf0\r\nchrome!wWinMain+0xef\r\nchrome!__tmainCRTStartup+0x112\r\nkernel32!BaseThreadInitThunk+0xe\r\nntdll!__RtlUserThreadStart+0x70\r\nntdll!_RtlUserThreadStart+0x1b\r\n \r\n \r\n----------------Tested On----------------\r\n \r\nMicrosoft Windows XP Professional Service Pack 3 (Brazilian Portuguese)\r\n \r\n----------------Proof-of-concept----------------\r\n \r\nPoc in HTML File: http://pastebin.com/DBUGWbQM\r\nThe PDF file needed can be found here: http://www.irs.gov/pub/irs-pdf/fw4.pdf\r\n \r\nDownload both files here:\r\nhttp://www.exploit-db.com/sploits/17929.zip\r\n \r\n \r\n----------------Steps to Reproduce----------------\r\n \r\n1. Create the file poc.html with this code http://pastebin.com/DBUGWbQM\r\n2. Download the PDF file here and save in same folder\r\n3. Open the poc.html with fw4.pdf in same folder.\r\n \r\n \r\n----------------Vulnerability Timeline(MM/DD/YYYY)----------------\r\n \r\n[04/06/2011] Vulnerability is discovered and sent to the vendor.\r\n[04/06/2011] The Google security team confirm the vulnerability and updates the status.\r\n[06/13/2011] More information about the vulnerability is sent.\r\n[07/28/2011] Vulnerability is fixed and the vendor announces the launch of the patch is version 14.\r\n[09/16/2011] The vendor released version 14 with the flaw fixed.\r\n[10/03/2011] Coordinated public security advisory released.\r\n \r\n----------------References----------------\r\n \r\nGoogle Release Notes Post(http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html)\r\nCVE Number(http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2841)\r\nChromium Bug Tracker Bug Id(http://code.google.com/p/chromium/issues/detail?id=78639)\r\nVulnerability Blog Post(http://net-fuzzer.blogspot.com/2011/10/google-chrome-140835163-pdf-file.html)\r\n \r\n \r\n \r\n----------------Vulnerability Credits----------------\r\nMario Gomes Security Researcher and Pen-tester, Goiania - GO, Brazil\r\nBlog http://net-fuzzer.blogspot.com\r\nContact netfuzzer@hotmail.com\r\n \r\n----------------End of Advisory----------------\r\n\r\nhttp://sebug.net/ssv/Google_Chrome_PDF_File_Handling_Memory_Corruption\r\n\n ", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-20968"}, {"lastseen": "2017-11-19T17:18:19", "bulletinFamily": "exploit", "description": "No description provided by source.", "modified": "2014-07-01T00:00:00", "published": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-72187", "id": "SSV:72187", "title": "Google Chrome < 14.0.835.163 PDF File Handling Memory Corruption", "type": "seebug", "sourceData": "\n ----------------Security Adisory----------------\r\n\r\nTitle: Google Chrome &#60; 14.0.835.163 PDF File Handling Memory Corruption Vulnerability (CVE-2011-2841)\r\nSec-Security: Hich\r\nCVE-Number: CVE-2011-2841\r\nDate of discovery: 04/06/2011(MM/DD/YYYY)\r\nFix date: 06/28/2011(MM/DD/YYYY)\r\nFixed Version: Google Chrome &#62;= 14.0.835.163 \r\nDiscovered by: Mario Gomes\r\n\r\n\r\n----------------Summary----------------\r\n\r\nGoogle Chrome is a web browser developed by Google that uses the WebKit layout engine. \r\nIt was first released as a beta version for Microsoft Windows on September 2, 2008, and the public stable release was on December 11, 2008. \r\nThe name is derived from the graphical user interface frame, or &#34;chrome&#34;, of web browsers. \r\nAs of August 2011, Chrome is the third most widely used browser with 23.16% worldwide usage share of web browsers, according to StatCounter.(From Wikipedia)\r\n\r\n\r\n\r\n----------------Description----------------\r\n\r\nGoogle Chrome suffers from a memory corruption vulnerability that occurs in the manipulation of PDF files. \r\nThe failure occurs when the browser opens an HTML file that contains multiple tag &#60;IFRAME&#62; pointing to a PDF file. \r\nSo it is a memory corruption flaw allows code to run within the sandbox.\r\n\r\n\r\n----------------Stacktrace----------------\r\n\r\nThis stracktrace shows a clear memory corruption, because I do not have the symbols of Google&#39;s PDF viewer can not give more details.\r\n\r\n(648.41c): Access violation - code c0000005 (first chance)\r\nFirst chance exceptions are reported before any exception handling.\r\nThis exception may be expected and handled.\r\neax=049c4000 ebx=0000efee ecx=049bc7a0 edx=841d63b9 esi=00000000 edi=049bf000\r\neip=6f3f9332 esp=002feaa0 ebp=002feac4 iopl=0 nv up ei pl nz na pe nc\r\ncs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210206\r\n*** ERROR: Symbol file could not be found. Defaulted to export symbols for D:\\Users\\Cassio\\AppData\\Local\\Google\\Chrome\\Application\\12.0.742.91\\pdf.dll - \r\npdf!PPP_GetInterface+0x17be62:\r\n6f3f9332 8b08 mov ecx,dword ptr [eax] ds:0023:049c4000=????????\r\nStacktrace:\r\npdf!PPP_GetInterface+0x17be62\r\npdf!PPP_GetInterface+0x17430f\r\npdf!PPP_GetInterface+0x172fe1\r\npdf!PPP_GetInterface+0x28d40\r\npdf!PPP_GetInterface+0x11db6\r\npdf!GetPDFDocInfo+0x1944f\r\npdf!GetPDFDocInfo+0x18cce\r\npdf!GetPDFDocInfo+0x1868c\r\npdf!GetPDFDocInfo+0x85ae\r\npdf!GetPDFDocInfo+0x4432\r\npdf+0x64d0\r\npdf!GetPDFDocInfo+0x6f42\r\npdf!GetPDFDocInfo+0x6d0e\r\npdf!GetPDFDocInfo+0x49e0\r\npdf!GetPDFDocInfo+0x37be\r\npdf!GetPDFDocInfo+0x3792\r\npdf!GetPDFDocInfo+0x3db1\r\nchrome_63700000!WebCore::DocumentLoader::finishedLoading+0x31\r\nchrome_63700000!WebCore::FrameLoader::finishedLoading+0x26\r\nchrome_63700000!WebCore::MainResourceLoader::didFinishLoading+0x5c\r\nchrome_63700000!WebCore::ResourceLoader::didFinishLoading+0xe\r\nchrome_63700000!WebCore::ResourceHandleInternal::didFinishLoading+0x35\r\nchrome_63700000!webkit_glue::WebURLLoaderImpl::Context::OnCompletedRequest+0x10c\r\nchrome_63700000!ResourceDispatcher::OnRequestComplete+0x43\r\nchrome_63700000!IPC::MessageWithTuple&#60;Tuple4&#60;int,net::URLRequestStatus,std::basic_string&#60;char,std::char_traits&#60;char&#62;,std::alloc+0x4d\r\nchrome_63700000!ResourceDispatcher::DispatchMessageW+0x4f\r\nchrome_63700000!ResourceDispatcher::OnMessageReceived+0xbb\r\nchrome_63700000!ChildThread::OnMessageReceived+0x1b\r\nchrome_63700000!RunnableMethod&#60;notifier::MediatorThreadImpl::Core,void (__thiscall notifier::MediatorThreadImpl::Core::*)(std::+0x17\r\nchrome_63700000!MessageLoop::RunTask+0x7d\r\nchrome_63700000!MessageLoop::DeferOrRunPendingTask+0x28\r\nchrome_63700000!MessageLoop::DoWork+0x71\r\nchrome_63700000!base::MessagePumpDefault::Run+0xc2\r\nchrome_63700000!MessageLoop::RunInternal+0x31\r\nchrome_63700000!MessageLoop::RunHandler+0x17\r\nchrome_63700000!MessageLoop::Run+0x15\r\nchrome_63700000!RendererMain+0x309\r\nchrome_63700000!ChromeMain+0x653\r\nchrome!MainDllLoader::Launch+0xf0\r\nchrome!wWinMain+0xef\r\nchrome!__tmainCRTStartup+0x112\r\nkernel32!BaseThreadInitThunk+0xe\r\nntdll!__RtlUserThreadStart+0x70\r\nntdll!_RtlUserThreadStart+0x1b\r\n\r\n\r\n----------------Tested On----------------\r\n\r\nMicrosoft Windows XP Professional Service Pack 3 (Brazilian Portuguese)\r\n\r\n----------------Proof-of-concept----------------\r\n\r\nPoc in HTML File: http://pastebin.com/DBUGWbQM\r\nThe PDF file needed can be found here: http://www.irs.gov/pub/irs-pdf/fw4.pdf\r\n\r\nDownload both files here:\r\nhttp://www.exploit-db.com/sploits/17929.zip\r\n\r\n\r\n----------------Steps to Reproduce----------------\r\n\r\n1. Create the file poc.html with this code http://pastebin.com/DBUGWbQM\r\n2. Download the PDF file here and save in same folder\r\n3. Open the poc.html with fw4.pdf in same folder.\r\n\r\n\r\n----------------Vulnerability Timeline(MM/DD/YYYY)----------------\r\n\r\n[04/06/2011] Vulnerability is discovered and sent to the vendor.\r\n[04/06/2011] The Google security team confirm the vulnerability and updates the status.\r\n[06/13/2011] More information about the vulnerability is sent.\r\n[07/28/2011] Vulnerability is fixed and the vendor announces the launch of the patch is version 14.\r\n[09/16/2011] The vendor released version 14 with the flaw fixed.\r\n[10/03/2011] Coordinated public security advisory released.\r\n\r\n----------------References----------------\r\n\r\nGoogle Release Notes Post(http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html)\r\nCVE Number(http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2841)\r\nChromium Bug Tracker Bug Id(http://code.google.com/p/chromium/issues/detail?id=78639)\r\nVulnerability Blog Post(http://net-fuzzer.blogspot.com/2011/10/google-chrome-140835163-pdf-file.html)\r\n\r\n\r\n\r\n----------------Vulnerability Credits----------------\r\nMario Gomes Security Researcher and Pen-tester, Goiania - GO, Brazil\r\nBlog http://net-fuzzer.blogspot.com\r\nContact netfuzzer@hotmail.com\r\n\r\n----------------End of Advisory----------------\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-72187", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-02T08:51:03", "bulletinFamily": "exploit", "description": "Google Chrome < 14.0.835.163 PDF File Handling Memory Corruption. CVE-2011-2841. Dos exploit for windows platform", "modified": "2011-10-04T00:00:00", "published": "2011-10-04T00:00:00", "id": "EDB-ID:17929", "href": "https://www.exploit-db.com/exploits/17929/", "type": "exploitdb", "title": "Google Chrome < 14.0.835.163 PDF File Handling Memory Corruption", "sourceData": "----------------Security Adisory----------------\r\n\r\nTitle: Google Chrome < 14.0.835.163 PDF File Handling Memory Corruption Vulnerability (CVE-2011-2841)\r\nSec-Security: Hich\r\nCVE-Number: CVE-2011-2841\r\nDate of discovery: 04/06/2011(MM/DD/YYYY)\r\nFix date: 06/28/2011(MM/DD/YYYY)\r\nFixed Version: Google Chrome >= 14.0.835.163 \r\nDiscovered by: Mario Gomes\r\n\r\n\r\n----------------Summary----------------\r\n\r\nGoogle Chrome is a web browser developed by Google that uses the WebKit layout engine. \r\nIt was first released as a beta version for Microsoft Windows on September 2, 2008, and the public stable release was on December 11, 2008. \r\nThe name is derived from the graphical user interface frame, or \"chrome\", of web browsers. \r\nAs of August 2011, Chrome is the third most widely used browser with 23.16% worldwide usage share of web browsers, according to StatCounter.(From Wikipedia)\r\n\r\n\r\n\r\n----------------Description----------------\r\n\r\nGoogle Chrome suffers from a memory corruption vulnerability that occurs in the manipulation of PDF files. \r\nThe failure occurs when the browser opens an HTML file that contains multiple tag <IFRAME> pointing to a PDF file. \r\nSo it is a memory corruption flaw allows code to run within the sandbox.\r\n\r\n\r\n----------------Stacktrace----------------\r\n\r\nThis stracktrace shows a clear memory corruption, because I do not have the symbols of Google's PDF viewer can not give more details.\r\n\r\n(648.41c): Access violation - code c0000005 (first chance)\r\nFirst chance exceptions are reported before any exception handling.\r\nThis exception may be expected and handled.\r\neax=049c4000 ebx=0000efee ecx=049bc7a0 edx=841d63b9 esi=00000000 edi=049bf000\r\neip=6f3f9332 esp=002feaa0 ebp=002feac4 iopl=0 nv up ei pl nz na pe nc\r\ncs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210206\r\n*** ERROR: Symbol file could not be found. Defaulted to export symbols for D:\\Users\\Cassio\\AppData\\Local\\Google\\Chrome\\Application\\12.0.742.91\\pdf.dll - \r\npdf!PPP_GetInterface+0x17be62:\r\n6f3f9332 8b08 mov ecx,dword ptr [eax] ds:0023:049c4000=????????\r\nStacktrace:\r\npdf!PPP_GetInterface+0x17be62\r\npdf!PPP_GetInterface+0x17430f\r\npdf!PPP_GetInterface+0x172fe1\r\npdf!PPP_GetInterface+0x28d40\r\npdf!PPP_GetInterface+0x11db6\r\npdf!GetPDFDocInfo+0x1944f\r\npdf!GetPDFDocInfo+0x18cce\r\npdf!GetPDFDocInfo+0x1868c\r\npdf!GetPDFDocInfo+0x85ae\r\npdf!GetPDFDocInfo+0x4432\r\npdf+0x64d0\r\npdf!GetPDFDocInfo+0x6f42\r\npdf!GetPDFDocInfo+0x6d0e\r\npdf!GetPDFDocInfo+0x49e0\r\npdf!GetPDFDocInfo+0x37be\r\npdf!GetPDFDocInfo+0x3792\r\npdf!GetPDFDocInfo+0x3db1\r\nchrome_63700000!WebCore::DocumentLoader::finishedLoading+0x31\r\nchrome_63700000!WebCore::FrameLoader::finishedLoading+0x26\r\nchrome_63700000!WebCore::MainResourceLoader::didFinishLoading+0x5c\r\nchrome_63700000!WebCore::ResourceLoader::didFinishLoading+0xe\r\nchrome_63700000!WebCore::ResourceHandleInternal::didFinishLoading+0x35\r\nchrome_63700000!webkit_glue::WebURLLoaderImpl::Context::OnCompletedRequest+0x10c\r\nchrome_63700000!ResourceDispatcher::OnRequestComplete+0x43\r\nchrome_63700000!IPC::MessageWithTuple<Tuple4<int,net::URLRequestStatus,std::basic_string<char,std::char_traits<char>,std::alloc+0x4d\r\nchrome_63700000!ResourceDispatcher::DispatchMessageW+0x4f\r\nchrome_63700000!ResourceDispatcher::OnMessageReceived+0xbb\r\nchrome_63700000!ChildThread::OnMessageReceived+0x1b\r\nchrome_63700000!RunnableMethod<notifier::MediatorThreadImpl::Core,void (__thiscall notifier::MediatorThreadImpl::Core::*)(std::+0x17\r\nchrome_63700000!MessageLoop::RunTask+0x7d\r\nchrome_63700000!MessageLoop::DeferOrRunPendingTask+0x28\r\nchrome_63700000!MessageLoop::DoWork+0x71\r\nchrome_63700000!base::MessagePumpDefault::Run+0xc2\r\nchrome_63700000!MessageLoop::RunInternal+0x31\r\nchrome_63700000!MessageLoop::RunHandler+0x17\r\nchrome_63700000!MessageLoop::Run+0x15\r\nchrome_63700000!RendererMain+0x309\r\nchrome_63700000!ChromeMain+0x653\r\nchrome!MainDllLoader::Launch+0xf0\r\nchrome!wWinMain+0xef\r\nchrome!__tmainCRTStartup+0x112\r\nkernel32!BaseThreadInitThunk+0xe\r\nntdll!__RtlUserThreadStart+0x70\r\nntdll!_RtlUserThreadStart+0x1b\r\n\r\n\r\n----------------Tested On----------------\r\n\r\nMicrosoft Windows XP Professional Service Pack 3 (Brazilian Portuguese)\r\n\r\n----------------Proof-of-concept----------------\r\n\r\nPoc in HTML File: http://pastebin.com/DBUGWbQM\r\nThe PDF file needed can be found here: http://www.irs.gov/pub/irs-pdf/fw4.pdf\r\n\r\nDownload both files here:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/17929.zip\r\n\r\n\r\n----------------Steps to Reproduce----------------\r\n\r\n1. Create the file poc.html with this code http://pastebin.com/DBUGWbQM\r\n2. Download the PDF file here and save in same folder\r\n3. Open the poc.html with fw4.pdf in same folder.\r\n\r\n\r\n----------------Vulnerability Timeline(MM/DD/YYYY)----------------\r\n\r\n[04/06/2011] Vulnerability is discovered and sent to the vendor.\r\n[04/06/2011] The Google security team confirm the vulnerability and updates the status.\r\n[06/13/2011] More information about the vulnerability is sent.\r\n[07/28/2011] Vulnerability is fixed and the vendor announces the launch of the patch is version 14.\r\n[09/16/2011] The vendor released version 14 with the flaw fixed.\r\n[10/03/2011] Coordinated public security advisory released.\r\n\r\n----------------References----------------\r\n\r\nGoogle Release Notes Post(http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html)\r\nCVE Number(http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2841)\r\nChromium Bug Tracker Bug Id(http://code.google.com/p/chromium/issues/detail?id=78639)\r\nVulnerability Blog Post(http://net-fuzzer.blogspot.com/2011/10/google-chrome-140835163-pdf-file.html)\r\n\r\n\r\n\r\n----------------Vulnerability Credits----------------\r\nMario Gomes Security Researcher and Pen-tester, Goiania - GO, Brazil\r\nBlog http://net-fuzzer.blogspot.com\r\nContact netfuzzer@hotmail.com\r\n\r\n----------------End of Advisory----------------", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/17929/"}], "securityvulns": [{"lastseen": "2018-08-31T11:09:42", "bulletinFamily": "software", "description": "Multiple vulnerabilities related to XPath processing.", "modified": "2011-10-16T00:00:00", "published": "2011-10-16T00:00:00", "id": "SECURITYVULNS:VULN:11744", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11744", "title": "libxml2 memory corruption", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}