Vulnerabilities > CVE-2011-3053 - USE After Free vulnerability in Google Chrome

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
google
apple
opensuse
CWE-416
nessus
NVD
Published: 2012-03-22
Updated: 2020-04-14

Summary

Use-after-free vulnerability in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to block splitting.

Vulnerable Configurations

Part Description Count
Application
Google
2042
Application
Apple
277
OS
Apple
100
OS
Opensuse
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1617-1.NASL
    descriptionA large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id62707
    published2012-10-26
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62707
    titleUbuntu 12.04 LTS : webkit vulnerabilities (USN-1617-1)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1617-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(62707);
  script_version("1.8");
  script_cvs_date("Date: 2019/09/19 12:54:28");

  script_cve_id("CVE-2011-3031", "CVE-2011-3038", "CVE-2011-3042", "CVE-2011-3043", "CVE-2011-3044", "CVE-2011-3051", "CVE-2011-3053", "CVE-2011-3059", "CVE-2011-3060", "CVE-2011-3064", "CVE-2011-3067", "CVE-2011-3076", "CVE-2011-3081", "CVE-2011-3086", "CVE-2011-3090", "CVE-2012-1521", "CVE-2012-3598", "CVE-2012-3601", "CVE-2012-3604", "CVE-2012-3611", "CVE-2012-3612", "CVE-2012-3617", "CVE-2012-3625", "CVE-2012-3626", "CVE-2012-3627", "CVE-2012-3628", "CVE-2012-3645", "CVE-2012-3652", "CVE-2012-3657", "CVE-2012-3669", "CVE-2012-3670", "CVE-2012-3671", "CVE-2012-3672", "CVE-2012-3674");
  script_bugtraq_id(52271, 52674, 52762, 52913, 53309, 53540, 54680, 55534);
  script_xref(name:"USN", value:"1617-1");

  script_name(english:"Ubuntu 12.04 LTS : webkit vulnerabilities (USN-1617-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A large number of security issues were discovered in the WebKit
browser and JavaScript engines. If a user were tricked into viewing a
malicious website, a remote attacker could exploit a variety of issues
related to web browser security, including cross-site scripting
attacks, denial of service attacks, and arbitrary code execution.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/1617-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-1.0-0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-3.0-0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libwebkitgtk-1.0-0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libwebkitgtk-3.0-0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/03/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/10/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/26");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"12.04", pkgname:"libjavascriptcoregtk-1.0-0", pkgver:"1.8.3-0ubuntu0.12.04.1")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"libjavascriptcoregtk-3.0-0", pkgver:"1.8.3-0ubuntu0.12.04.1")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"libwebkitgtk-1.0-0", pkgver:"1.8.3-0ubuntu0.12.04.1")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"libwebkitgtk-3.0-0", pkgver:"1.8.3-0ubuntu0.12.04.1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libjavascriptcoregtk-1.0-0 / libjavascriptcoregtk-3.0-0 / etc");
}
  • NASL familyWindows
    NASL idITUNES_10_7.NASL
    descriptionThe version of Apple iTunes installed on the remote Windows host is older than 10.7 and is, therefore, affected by multiple memory corruption vulnerabilities in WebKit.
    last seen2020-06-01
    modified2020-06-02
    plugin id62077
    published2012-09-13
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62077
    titleApple iTunes < 10.7 Multiple Vulnerabilities (credentialed check)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_330106DA740611E1A1D700262D5ED8EE.NASL
    descriptionGoogle Chrome Releases reports : [113902] High CVE-2011-3050: Use-after-free with first-letter handling. Credit to miaubiz. [116162] High CVE-2011-3045: libpng integer issue from upstream. Credit to Glenn Randers-Pehrson of the libpng project. [116461] High CVE-2011-3051: Use-after-free in CSS cross-fade handling. Credit to Arthur Gerkis. [116637] High CVE-2011-3052: Memory corruption in WebGL canvas handling. Credit to Ben Vanik of Google. [116746] High CVE-2011-3053: Use-after-free in block splitting. Credit to miaubiz. [117418] Low CVE-2011-3054: Apply additional isolations to webui privileges. Credit to Sergey Glazunov. [117736] Low CVE-2011-3055: Prompt in the browser native UI for unpacked extension installation. Credit to PinkiePie. [117550] High CVE-2011-3056: Cross-origin violation with
    last seen2020-06-01
    modified2020-06-02
    plugin id58438
    published2012-03-23
    reporterThis script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58438
    titleFreeBSD : chromium -- multiple vulnerabilities (330106da-7406-11e1-a1d7-00262d5ed8ee)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-207.NASL
    description - Update to 19.0.1079 Security Fixes (bnc#754456) : - High CVE-2011-3050: Use-after-free with first-letter handling - High CVE-2011-3045: libpng integer issue from upstream - High CVE-2011-3051: Use-after-free in CSS cross-fade handling - High CVE-2011-3052: Memory corruption in WebGL canvas handling - High CVE-2011-3053: Use-after-free in block splitting - Low CVE-2011-3054: Apply additional isolations to webui privileges - Low CVE-2011-3055: Prompt in the browser native UI for unpacked extension installation - High CVE-2011-3056: Cross-origin violation with &ldquo;magic iframe&rdquo;. - Low CVE-2011-3049: Extension web request API can interfere with system requests Other Fixes : - The short-cut key for caps lock (Shift + Search) is disabled when an accessibility screen reader is enabled - Fixes an issue with files not being displayed in File Manager when some file names contain UTF-8 characters (generally accented characters) - Fixed dialog boxes in settings. (Issue: 118031) - Fixed flash videos turning white on mac when running with --disable-composited-core-animation-plugins (Issue: 117916) - Change to look for correctly sized favicon when multiple images are provided. (Issue: 118275) - Fixed issues - 116044, 117470, 117068, 117668, 118620 - Update to 19.0.1077 - Update to 19.0.1074 - Build Chromium on openSUSE > 12.1 with the gold linker - Fix build issues with GCC 4.7 - Update to 19.0.1071 - Several fixes and improvements in the new Settings, Extensions, and Help pages. - Fixed the flashing when switched between composited and non-composited mode. [Issue: 116603] - Fixed stability issues 116913, 117217, 117347, 117081
    last seen2020-06-05
    modified2014-06-13
    plugin id74587
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74587
    titleopenSUSE Security Update : chromium / v8 (openSUSE-SU-2012:0466-1)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SAFARI6_0.NASL
    descriptionThe version of Apple Safari installed on the remote Mac OS X host is earlier than 6.0. It is, therefore, potentially affected by several issues : - An unspecified cross-site scripting issue exists. (CVE-2012-0678) - An error in the handling of
    last seen2020-06-01
    modified2020-06-02
    plugin id60127
    published2012-07-26
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60127
    titleMac OS X : Apple Safari < 6.0 Multiple Vulnerabilities
  • NASL familyWindows
    NASL idGOOGLE_CHROME_17_0_963_83.NASL
    descriptionThe version of Google Chrome installed on the remote host is earlier than 17.0.963.83 and is, therefore, affected by the following vulnerabilities : - An unspecified integer issue exists in libpng. (CVE-2011-3045) - An error exists related to the extension web request API that could allow denial of service attacks. Note this issue was corrected in a previous, unspecified release. (CVE-2011-3049) - Use-after-free errors exist related to
    last seen2020-06-01
    modified2020-06-02
    plugin id58434
    published2012-03-22
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58434
    titleGoogle Chrome < 17.0.963.83 Multiple Vulnerabilities
  • NASL familyPeer-To-Peer File Sharing
    NASL idITUNES_10_7_BANNER.NASL
    descriptionThe version of Apple iTunes on the remote host is prior to version 10.7. It is, therefore, affected by multiple memory corruption vulnerabilities in the WebKit component.
    last seen2020-06-01
    modified2020-06-02
    plugin id62078
    published2012-09-13
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62078
    titleApple iTunes < 10.7 Multiple Vulnerabilities (uncredentialed check)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201203-19.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201203-19 (Chromium: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, a Denial of Service condition, Universal Cross-Site Scripting, or installation of an extension without user interaction. A remote attacker could also entice a user to install a specially crafted extension that would interfere with browser-issued web requests. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id59611
    published2012-06-21
    reporterThis script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/59611
    titleGLSA-201203-19 : Chromium: Multiple vulnerabilities

Oval

accepted2013-08-12T04:06:15.289-04:00
classvulnerability
contributors
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Kedovskaya
    organizationALTX-SOFT
definition_extensions
commentGoogle Chrome is installed
ovaloval:org.mitre.oval:def:11914
descriptionUse-after-free vulnerability in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to block splitting.
familywindows
idoval:org.mitre.oval:def:14658
statusaccepted
submitted2012-03-22T14:05:33.178-04:00
titleUse-after-free vulnerability in Google Chrome before 17.0.963.83 via vectors related to block splitting.
version45

References