Vulnerabilities > CVE-2010-3412 - Race Condition vulnerability in Google Chrome

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
google
CWE-362
critical
nessus
NVD
Published: 2010-09-16
Updated: 2020-07-31

Summary

Race condition in the console implementation in Google Chrome before 6.0.472.59 has unspecified impact and attack vectors.

Vulnerable Configurations

Part Description Count
Application
Google
682

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Leveraging Race Conditions
    This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.

Nessus

NASL familyWindows
NASL idGOOGLE_CHROME_6_0_472_59.NASL
descriptionThe version of Google Chrome installed on the remote host is earlier than 6.0.472.59. Such versions are reportedly affected by multiple vulnerabilities : - A use-after-free error exists when using document APIs during parse. (Issue #50250) - A use-after-free error exists in SVG styles. (Issue #50712) - A use-after-free error exists with nested SVG elements. (Issue #51252) - A race condition exists in console handling. (Issue #51919) - An unlikely browser crash exists in pop-up blocking. (Issue #53176) - A memory corruption error exists in Geolocation. (Issue #53394) - An error exists by failing to prompt for extension history access. (Issue #54006)
last seen2020-06-01
modified2020-06-02
plugin id49237
published2010-09-15
reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/49237
titleGoogle Chrome < 6.0.472.59 Multiple Vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(49237);
  script_version("1.16");
  script_cvs_date("Date: 2018/11/15 20:50:27");

  script_cve_id(
    "CVE-2010-1823",
    "CVE-2010-1824",
    "CVE-2010-1825",
    "CVE-2010-3412",
    "CVE-2010-3413",
    "CVE-2010-3415",
    "CVE-2010-3417"
  );
  script_bugtraq_id(43228, 46677);
  script_xref(name:"MSVR", value:"MSVR11-001");

  script_name(english:"Google Chrome < 6.0.472.59 Multiple Vulnerabilities");
  script_summary(english:"Checks version number of Google Chrome");

  script_set_attribute(attribute:"synopsis", value:
"The remote host contains a web browser that is affected by multiple
vulnerabilities.");

  script_set_attribute(attribute:"description", value:
"The version of Google Chrome installed on the remote host is earlier
than 6.0.472.59.  Such versions are reportedly affected by multiple
vulnerabilities :

  - A use-after-free error exists when using document APIs
    during parse. (Issue #50250)

  - A use-after-free error exists in SVG styles.
   (Issue #50712)

  - A use-after-free error exists with nested SVG elements.
   (Issue #51252)

  - A race condition exists in console handling.
    (Issue #51919)

  - An unlikely browser crash exists in pop-up blocking.
    (Issue #53176)

  - A memory corruption error exists in Geolocation.
    (Issue #53394)

  - An error exists by failing to prompt for extension
    history access. (Issue #54006)");

  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?03c00fdf");
  script_set_attribute(attribute:"solution", value:"Upgrade to Google Chrome 6.0.472.59 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/09/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/09/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/15");

  script_set_attribute(attribute:"plugin_type", value:"local");

  script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");

  script_dependencies("google_chrome_installed.nasl");
  script_require_keys("SMB/Google_Chrome/Installed");

  exit(0);
}

include("google_chrome_version.inc");

get_kb_item_or_exit("SMB/Google_Chrome/Installed");

installs = get_kb_list("SMB/Google_Chrome/*");
google_chrome_check_version(installs:installs, fix:'6.0.472.59', severity:SECURITY_HOLE);

Oval

accepted2013-08-12T04:10:13.226-04:00
classvulnerability
contributors
  • nameJ. Daniel Brown
    organizationDTCC
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Kedovskaya
    organizationALTX-SOFT
definition_extensions
commentGoogle Chrome is installed
ovaloval:org.mitre.oval:def:11914
descriptionRace condition in the console implementation in Google Chrome before 6.0.472.59 has unspecified impact and attack vectors.
familywindows
idoval:org.mitre.oval:def:7354
statusaccepted
submitted2010-09-17T17:30:00.000-05:00
titleGoogle Chrome Console Implementation Race Condition Unspecified Issue
version51

References