Vulnerabilities > CVE-2011-2830 - Unspecified vulnerability in Google Chrome

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
google
nessus

Summary

Google V8, as used in Google Chrome before 14.0.835.163, does not properly implement script object wrappers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.

Vulnerable Configurations

Part Description Count
Application
Google
1750

Nessus

NASL familyWindows
NASL idGOOGLE_CHROME_14_0_835_163.NASL
descriptionThe version of Google Chrome installed on the remote host is earlier than 14.0.835.163 and is affected by multiple vulnerabilities: - A race condition exists related to the certificate cache. (Issue #49377) - The Windows Media Player plugin allows click-free access to the system Flash. (Issue #51464) - MIME types are not treated authoritatively at plugin load time. (Issue #75070) - An unspecified error allows V8 script object wrappers to crash. (Issue #76771) - The included PDF functionality contains a garbage collection error. (Issue #78639) - Out-of-bounds read issues exist related to media buffers, mp3 files, box handling, Khmer characters, video handling, Tibetan characters, and triangle arrays. (Issues #82438, #85041, #89991, #90134, #90173, #95563, #95625) - An unspecified error allows data displayed in the URL to be spoofed. (Issue #83031) - Use-after-free errors exist related to unload event handling, the document loader, plugin handling, ruby, table style handling, and the focus controller. (Issues #89219, #89330, #91197, #92651, #94800, #93420, #93587) - The URL bar can be spoofed in an unspecified manner related to the forward button. (Issue #89564) - An NULL pointer error exists related to WebSockets. (Issue #89795) - An off-by-one error exists related to the V8 JavaScript engine. (Issue #91120) - A stale node error exists related to CSS stylesheet handling. (Issue #92959) - A cross-origin bypass error exists related to the V8 JavaScript engine. (Issue #93416) - A double-free error exists related to XPath handling in libxml. (Issue #93472) - Incorrect permissions are assigned to non-gallery pages. (Issue #93497) - An improper string read occurs in the included PDF functionality. (Issue #93596) - An unspecified error allows unintended access to objects built in to the V8 JavaScript engine. (Issue #93906) - Self-signed certificates are not pinned properly. (Issue #95917) - A variable-type confusion issue exists in the V8 JavaScript engine related to object sealing. (Issue #95920)
last seen2020-06-01
modified2020-06-02
plugin id56230
published2011-09-19
reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/56230
titleGoogle Chrome < 14.0.835.163 Multiple Vulnerabilities

Oval

accepted2014-04-07T04:01:07.800-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationDTCC
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Mikhno
    organizationALTX-SOFT
definition_extensions
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
descriptionGoogle V8, as used in Google Chrome before 14.0.835.163, does not properly implement script object wrappers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
familywindows
idoval:org.mitre.oval:def:14336
statusaccepted
submitted2011-11-25T18:22:02.000-05:00
titleGoogle V8, as used in Google Chrome before 14.0.835.163, does not properly implement script object wrappers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
version52