Vulnerabilities > CVE-2011-0784 - Race Condition vulnerability in Google Chrome

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
google
CWE-362
nessus
NVD
Published: 2011-02-04
Updated: 2017-09-19

Summary

Race condition in Google Chrome before 9.0.597.84 allows remote attackers to execute arbitrary code via vectors related to audio.

Vulnerable Configurations

Part Description Count
Application
Google
1066

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Leveraging Race Conditions
    This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.

Nessus

NASL familyWindows
NASL idGOOGLE_CHROME_9_0_597_84.NASL
descriptionThe version of Google Chrome installed on the remote host is earlier than 9.0.597.84. It therefore is reportedly affected by multiple vulnerabilities : - A use-after-free issue exists in image loading. (Issue #55381) - An unspecified issue exists relating to cross-origin drag and drop. (Issue #59081) - A browser crash can occur when handling extensions with a missing key. (Issue #62791) - A browser crash issue exists relating to the PDF event handler. (Issue #64051) - An unspecified issue exists relating to the merging of autofill profiles. (Issue #65669) - A browser crash issue exists relating to bad volume settings. (Issue #68244) - A race condition exists in audio handling. (Issue #69195)
last seen2020-06-01
modified2020-06-02
plugin id51872
published2011-02-04
reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/51872
titleGoogle Chrome < 9.0.597.84 Multiple Vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(51872);
  script_version("1.14");
  script_cvs_date("Date: 2018/11/15 20:50:27");

  script_cve_id(
    "CVE-2011-0777",
    "CVE-2011-0778",
    "CVE-2011-0779",
    "CVE-2011-0780",
    "CVE-2011-0781",
    "CVE-2011-0783",
    "CVE-2011-0784"
  );
  script_bugtraq_id(46144);
  script_xref(name:"Secunia", value:"43193");

  script_name(english:"Google Chrome < 9.0.597.84 Multiple Vulnerabilities");
  script_summary(english:"Checks version number of Google Chrome");

  script_set_attribute(attribute:"synopsis", value:
"The remote host contains a web browser that is affected by multiple
vulnerabilities.");

  script_set_attribute(attribute:"description", value:
"The version of Google Chrome installed on the remote host is earlier
than 9.0.597.84.  It therefore is reportedly affected by multiple
vulnerabilities :

  - A use-after-free issue exists in image loading.
    (Issue #55381)

  - An unspecified issue exists relating to cross-origin
    drag and drop. (Issue #59081)

  - A browser crash can occur when handling extensions with
    a missing key. (Issue #62791)

  - A browser crash issue exists relating to the PDF event
    handler. (Issue #64051)

  - An unspecified issue exists relating to the merging of
    autofill profiles. (Issue #65669)

  - A browser crash issue exists relating to bad volume
    settings. (Issue #68244)

  - A race condition exists in audio handling.
    (Issue #69195)");

  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?717c5939");
  script_set_attribute(attribute:"solution", value:"Upgrade to Google Chrome 9.0.597.84 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/02/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/02/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/02/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");

  script_dependencies("google_chrome_installed.nasl");
  script_require_keys("SMB/Google_Chrome/Installed");

  exit(0);
}

include("google_chrome_version.inc");

get_kb_item_or_exit("SMB/Google_Chrome/Installed");

installs = get_kb_list("SMB/Google_Chrome/*");
google_chrome_check_version(installs:installs, fix:'9.0.597.84', severity:SECURITY_HOLE);

Oval

accepted2014-04-07T04:00:45.830-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationDTCC
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Mikhno
    organizationALTX-SOFT
definition_extensions
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
descriptionRace condition in Google Chrome before 9.0.597.84 allows remote attackers to execute arbitrary code via vectors related to audio.
familywindows
idoval:org.mitre.oval:def:14108
statusaccepted
submitted2011-12-09T10:37:46.000-05:00
titleRace condition in Google Chrome before 9.0.597.84 allows remote attackers to execute arbitrary code via vectors related to audio.
version52

References