PinkiePie Strikes Again, Compromises Google Chrome in Pwnium Contest at Hack in the Box

For the second time this year, an anonymous teenage security researcher has succeeded in producing a full exploit, including a sandbox escape, against Google Chrome. The researcher, who uses the pseudonym PinkiePie, submitted his exploit Wednesday during the Pwnium contest run by Google at the Ha...

Mandriva Linux Security Advisory : icedtea-web (MDVSA-2012:122)

Multiple vulnerabilities has been discovered and corrected in icedtea-web : An uninitialized pointer use flaw was found in IcedTea-Web web browser plugin. A malicious web page could use this flaw make IcedTea-Web browser plugin pass invalid pointer to a web browser. Depending on the browser used,...

CVE-2012-4248

The Amazon Kindle Touch before 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote attackers to have an unspecified impact via vectors involving the 1 dev.log, 2 lipc.set, 3 lipc.get, or 4 todo.scheduleItems method, a different...

Design/Logic Flaw

The Amazon Kindle Touch before 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote attackers to have an unspecified impact via vectors involving the 1 dev.log, 2 lipc.set, 3 lipc.get, or 4 todo.scheduleItems method, a different...

CVE-2012-4248

The data confirms CVE-2012-4248 affects Kindle Touch prior to 5.1.2, where access to the libkindleplugin.so NPAPI plugin interface is not properly restricted. This may allow remote attackers to cause unspecified impact via the dev.log, lipc.set, lipc.get, or todo.scheduleItems methods. The root c...

CVE-2012-4248

The Amazon Kindle Touch before 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote attackers to have an unspecified impact via vectors involving the 1 dev.log, 2 lipc.set, 3 lipc.get, or 4 todo.scheduleItems method, a different...

USN-1521-1: IcedTea-Web vulnerabilities

Chamal De Silva discovered that the IcedTea-Web Java web browser plugin could dereference an uninitialized pointer. A remote attacker could use this to craft a malicious web page that could cause a denial of service by crashing the web browser or possibly execute arbitrary code. CVE-2012-3422...

Several vulnerabilities found in IcedTea-Web

The IcedTea project team reports: CVE-2012-3422: Use of uninitialized instance pointers An uninitialized pointer use flaw was found in IcedTea-Web web browser plugin. A malicious web page could use this flaw make IcedTea-Web browser plugin pass invalid pointer to a web browser. Depending on the...

Amazon Kindle Touch libkindleplugin scriptable browser plugin vulnerability

Overview Kindle Touch 5.1.0 contains a scriptable browser plugin which can be invoked by accessing a malicious web page. Description It has been reported that Kindle Touch 5.1.0 has introduced a NPAPI plugin /usr/lib/libkindleplugin.so symlinked to /usrl/lib/browser/plugins/libkindleplugin.so tha...

Vulnerability in Google Chrome Could Allow Local Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Google Chrome version 17.0.963.79 and earlier versions. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, Googl...

Adobe Shockwave NPAPI Plug-in Drag and Drop Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the NPAPI version of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...

CVE-2011-2783

Google Chrome before 13.0.782.107 does not ensure that developer-mode NPAPI extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension...

Design/Logic Flaw

Google Chrome before 13.0.782.107 does not ensure that developer-mode NPAPI extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension...

CVE-2011-2783

Google Chrome before 13.0.782.107 does not ensure that developer-mode NPAPI extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension...

CVE-2011-2783

Google Chrome before 13.0.782.107 does not ensure that developer-mode NPAPI extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension...

CVE-2011-2783

Google Chrome (

CVE-2011-2783

Removed by vendor...

Google Chrome < 13.0.782.107 Multiple Vulnerabilities

Binary data 5998.pasl...

Google Chrome Multiple Vulnerabilities (Windows) - June 11

This host is installed with Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodgooglechromemultvulnwinjun11.nasl 7019 2017-08-29 11:51:27Z teissa $ Google Chrome Multiple Vulnerabilities Windows - June 11 Authors: Madhuri D Copyright: Copyright c 2011...

Google Chrome Multiple Vulnerabilities (Linux) - June 11

This host is installed with Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodgooglechromemultvulnlinjun11.nasl 7006 2017-08-25 11:51:20Z teissa $ Google Chrome Multiple Vulnerabilities Linux - June 11 Authors: Madhuri D Copyright: Copyright c 2011...