Vulnerabilities > CVE-2011-1454 - Use After Free vulnerability in Google Chrome
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Use-after-free vulnerability in the DOM id handling functionality in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Windows NASL id GOOGLE_CHROME_11_0_696_57.NASL description The version of Google Chrome installed on the remote host is earlier than 11.0.696.57. Such versions of Chrome are affected by multiple vulnerabilities: - A stale pointer exists in floating object handling. (Issue #61502) - It may be possible to bypass the pop-up blocker via plug-ins. (Issue #70538) - There is a lack of thread safety in MIME handling. (Issue #71586) - A bad extension with last seen 2020-06-01 modified 2020-06-02 plugin id 53569 published 2011-04-27 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/53569 title Google Chrome < 11.0.696.57 Multiple Vulnerabilities NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_6887828F022911E0B84D00262D5ED8EE.NASL description Google Chrome Releases reports : Fixed in 15.0.874.121 : [103259] High CVE-2011-3900: Out-of-bounds write in v8. Credit to Christian Holler. Fixed in 15.0.874.120 : [100465] High CVE-2011-3892: Double free in Theora decoder. Credit to Aki Helin of OUSPG. [100492] [100543] Medium CVE-2011-3893: Out of bounds reads in MKV and Vorbis media handlers. Credit to Aki Helin of OUSPG. [101172] High CVE-2011-3894: Memory corruption regression in VP8 decoding. Credit to Andrew Scherkus of the Chromium development community. [101458] High CVE-2011-3895: Heap overflow in Vorbis decoder. Credit to Aki Helin of OUSPG. [101624] High CVE-2011-3896: Buffer overflow in shader variable mapping. Credit to Ken last seen 2020-06-01 modified 2020-06-02 plugin id 51069 published 2010-12-08 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51069 title FreeBSD : chromium -- multiple vulnerabilities (6887828f-0229-11e0-b84d-00262d5ed8ee)
Oval
| accepted | 2014-04-07T04:01:20.438-04:00 | ||||||||||||||||||||||||||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||||||||||||||||||||||||||
| description | Use-after-free vulnerability in the DOM id handling functionality in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document. | ||||||||||||||||||||||||||||||||||||||||||||||||
| family | windows | ||||||||||||||||||||||||||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:14469 | ||||||||||||||||||||||||||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||||||||||||||||||||||||||
| submitted | 2011-12-09T10:42:26.000-05:00 | ||||||||||||||||||||||||||||||||||||||||||||||||
| title | Use-after-free vulnerability in the DOM id handling functionality in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document. | ||||||||||||||||||||||||||||||||||||||||||||||||
| version | 52 |
References
- http://code.google.com/p/chromium/issues/detail?id=79199
- http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67160
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14469
- http://code.google.com/p/chromium/issues/detail?id=79199
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14469
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67160
- http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html