Vulnerabilities > CVE-2011-2830 - Unspecified vulnerability in Google Chrome
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN google
nessus
Summary
Google V8, as used in Google Chrome before 14.0.835.163, does not properly implement script object wrappers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
Vulnerable Configurations
Nessus
| NASL family | Windows |
| NASL id | GOOGLE_CHROME_14_0_835_163.NASL |
| description | The version of Google Chrome installed on the remote host is earlier than 14.0.835.163 and is affected by multiple vulnerabilities: - A race condition exists related to the certificate cache. (Issue #49377) - The Windows Media Player plugin allows click-free access to the system Flash. (Issue #51464) - MIME types are not treated authoritatively at plugin load time. (Issue #75070) - An unspecified error allows V8 script object wrappers to crash. (Issue #76771) - The included PDF functionality contains a garbage collection error. (Issue #78639) - Out-of-bounds read issues exist related to media buffers, mp3 files, box handling, Khmer characters, video handling, Tibetan characters, and triangle arrays. (Issues #82438, #85041, #89991, #90134, #90173, #95563, #95625) - An unspecified error allows data displayed in the URL to be spoofed. (Issue #83031) - Use-after-free errors exist related to unload event handling, the document loader, plugin handling, ruby, table style handling, and the focus controller. (Issues #89219, #89330, #91197, #92651, #94800, #93420, #93587) - The URL bar can be spoofed in an unspecified manner related to the forward button. (Issue #89564) - An NULL pointer error exists related to WebSockets. (Issue #89795) - An off-by-one error exists related to the V8 JavaScript engine. (Issue #91120) - A stale node error exists related to CSS stylesheet handling. (Issue #92959) - A cross-origin bypass error exists related to the V8 JavaScript engine. (Issue #93416) - A double-free error exists related to XPath handling in libxml. (Issue #93472) - Incorrect permissions are assigned to non-gallery pages. (Issue #93497) - An improper string read occurs in the included PDF functionality. (Issue #93596) - An unspecified error allows unintended access to objects built in to the V8 JavaScript engine. (Issue #93906) - Self-signed certificates are not pinned properly. (Issue #95917) - A variable-type confusion issue exists in the V8 JavaScript engine related to object sealing. (Issue #95920) |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 56230 |
| published | 2011-09-19 |
| reporter | This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/56230 |
| title | Google Chrome < 14.0.835.163 Multiple Vulnerabilities |
Oval
| accepted | 2014-04-07T04:01:07.800-04:00 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| description | Google V8, as used in Google Chrome before 14.0.835.163, does not properly implement script object wrappers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| family | windows | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:14336 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| submitted | 2011-11-25T18:22:02.000-05:00 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| title | Google V8, as used in Google Chrome before 14.0.835.163, does not properly implement script object wrappers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| version | 52 |
References
- http://code.google.com/p/chromium/issues/detail?id=76771
- http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14336
- http://code.google.com/p/chromium/issues/detail?id=76771
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14336
- http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html