Vulnerabilities > CVE-2010-3258 - Deserialization of Untrusted Data vulnerability in Google Chrome

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
google
CWE-502
critical
nessus

Summary

The sandbox implementation in Google Chrome before 6.0.472.53 does not properly deserialize parameters, which has unspecified impact and remote attack vectors.

Vulnerable Configurations

Part Description Count
Application
Google
677

Common Weakness Enumeration (CWE)

Nessus

NASL familyWindows
NASL idGOOGLE_CHROME_6_0_472_53.NASL
descriptionThe version of Google Chrome installed on the remote host is earlier than 6.0.472.53. It therefore is reportedly affected by multiple vulnerabilities : - It is possible to bypass the pop-up blocker with a blank frame target . (Issue #34414) - It is possible to visually spoof the URL bar with homographic sequences. (Issue #37201) - Restrictions on setting clipboard content are not strict enough. (Issue #41654) - A stale pointer exists with SVG filters. (Issue #45659) - It may be possible to enumerate installed extensions. (Issue #45876) - An unspecified vulnerability in WebSockets could lead to a browser NULL crash. (Issue #46750, #51846) - A use-after-free error exists in the Notifications presenter. (Issue #50386) - An unspecified memory corruption issue exists in Notification permissions. (Issue #50839) - Multiple unspecified integer errors exist in WebSockets. (Issue #51360, #51739) - A memory corruption issue exists with counter nodes. (Issue #51653) - Chrome may store an excessive amount of autocomplete entries. (Issue #51727) - A stale pointer exists in focus handling. (Issue #52443) - A Sandbox parameter deserialization error exists. (Issue #52682) - An unspecified cross-origin image theft issue exists. (Issue #53001)
last seen2020-06-01
modified2020-06-02
plugin id49089
published2010-09-02
reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/49089
titleGoogle Chrome < 6.0.472.53 Multiple Vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(49089);
  script_version("1.18");
  script_cvs_date("Date: 2018/11/15 20:50:27");

  script_cve_id(
    "CVE-2010-3246",
    "CVE-2010-3247",
    "CVE-2010-3248",
    "CVE-2010-3249",
    "CVE-2010-3250",
    "CVE-2010-3251",
    "CVE-2010-3252",
    "CVE-2010-3253",
    "CVE-2010-3254",
    "CVE-2010-3255",
    "CVE-2010-3256",
    "CVE-2010-3257",
    "CVE-2010-3258",
    "CVE-2010-3259"
  );
  script_bugtraq_id(42952, 44204, 44206, 44216);

  script_name(english:"Google Chrome < 6.0.472.53 Multiple Vulnerabilities");
  script_summary(english:"Checks version number of Google Chrome");

  script_set_attribute(attribute:"synopsis", value:
"The remote host contains a web browser that is affected by multiple
vulnerabilities.");

  script_set_attribute(attribute:"description", value:
"The version of Google Chrome installed on the remote host is earlier
than 6.0.472.53.  It therefore is reportedly affected by multiple
vulnerabilities :

  - It is possible to bypass the pop-up blocker with a blank
    frame target . (Issue #34414)

  - It is possible to visually spoof the URL bar with
    homographic sequences. (Issue #37201)

  - Restrictions on setting clipboard content are not strict
    enough. (Issue #41654)

  - A stale pointer exists with SVG filters. (Issue #45659)

  - It may be possible to enumerate installed extensions.
    (Issue #45876)

  - An unspecified vulnerability in WebSockets could lead
    to a browser NULL crash. (Issue #46750, #51846)

  - A use-after-free error exists in the Notifications
    presenter. (Issue #50386)

  - An unspecified memory corruption issue exists in
    Notification permissions. (Issue #50839)

  - Multiple unspecified integer errors exist in WebSockets.
    (Issue #51360, #51739)

  - A memory corruption issue exists with counter nodes.
    (Issue #51653)

  - Chrome may store an excessive amount of autocomplete
    entries. (Issue #51727)

  - A stale pointer exists in focus handling. (Issue #52443)

  - A Sandbox parameter deserialization error exists.
    (Issue #52682)

  - An unspecified cross-origin image theft issue exists.
    (Issue #53001)");

  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?99f0b3fb");
  script_set_attribute(attribute:"solution", value:"Upgrade to Google Chrome 6.0.472.53 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/09/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/09/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/02");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");

  script_dependencies("google_chrome_installed.nasl");
  script_require_keys("SMB/Google_Chrome/Installed");

  exit(0);
}

include("google_chrome_version.inc");

get_kb_item_or_exit("SMB/Google_Chrome/Installed");

installs = get_kb_list("SMB/Google_Chrome/*");
google_chrome_check_version(installs:installs, fix:'6.0.472.53', severity:SECURITY_HOLE);

Oval

accepted2013-08-12T04:01:07.507-04:00
classvulnerability
contributors
  • nameJ. Daniel Brown
    organizationDTCC
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Kedovskaya
    organizationALTX-SOFT
definition_extensions
commentGoogle Chrome is installed
ovaloval:org.mitre.oval:def:11914
descriptionThe sandbox implementation in Google Chrome before 6.0.472.53 does not properly deserialize parameters, which has unspecified impact and remote attack vectors.
familywindows
idoval:org.mitre.oval:def:12133
statusaccepted
submitted2010-09-12T17:30:00.000-05:00
titleGoogle Chrome Sandbox Parameter Deserialization Weakness Unspecified Remote Issue
version51