Vulnerabilities > CVE-2011-3112 - Resource Management Errors vulnerability in Google Chrome
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Use-after-free vulnerability in the PDF functionality in Google Chrome before 19.0.1084.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an invalid encrypted document.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_219D0BFDA91511E1B51900262D5ED8EE.NASL description Google Chrome Releases reports : [117409] High CVE-2011-3103: Crashes in v8 garbage collection. Credit to the Chromium development community (Brett Wilson). [118018] Medium CVE-2011-3104: Out-of-bounds read in Skia. Credit to Google Chrome Security Team (Inferno). [120912] High CVE-2011-3105: Use-after-free in first-letter handling. Credit to miaubiz. [122654] Critical CVE-2011-3106: Browser memory corruption with websockets over SSL. Credit to the Chromium development community (Dharani Govindan). [124625] High CVE-2011-3107: Crashes in the plug-in JavaScript bindings. Credit to the Chromium development community (Dharani Govindan). [125159] Critical CVE-2011-3108: Use-after-free in browser cache. Credit to last seen 2020-06-01 modified 2020-06-02 plugin id 59281 published 2012-05-29 reporter This script is Copyright (C) 2012-2013 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/59281 title FreeBSD : chromium -- multiple vulnerabilities (219d0bfd-a915-11e1-b519-00262d5ed8ee) NASL family Windows NASL id GOOGLE_CHROME_19_0_1084_52.NASL description The version of Google Chrome installed on the remote host is earlier than 19.0.1084.52 and is, therefore, affected by the following vulnerabilities : - An error exists in the v8 JavaScript engine that can cause application crashes during garbage collection. (CVE-2011-3103) - An out-of-bounds read error exists related to last seen 2020-06-01 modified 2020-06-02 plugin id 59255 published 2012-05-24 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59255 title Google Chrome < 19.0.1084.52 Multiple Vulnerabilities
Oval
| accepted | 2013-08-12T04:07:14.152-04:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| definition_extensions |
| ||||||||||||
| description | Use-after-free vulnerability in the PDF functionality in Google Chrome before 19.0.1084.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an invalid encrypted document. | ||||||||||||
| family | windows | ||||||||||||
| id | oval:org.mitre.oval:def:15076 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2012-05-24T16:15:52.000-04:00 | ||||||||||||
| title | Use-after-free vulnerability in the PDF functionality in Google Chrome before 19.0.1084.52 via an invalid encrypted document | ||||||||||||
| version | 44 |
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 53679 CVE ID: CVE-2011-3103,CVE-2011-3104,CVE-2011-3105,CVE-2011-3106,CVE-2011-3107,CVE-2011-3108,CVE-2011-3109,CVE-2011-3110,CVE-2011-3111,CVE-2011-3112,CVE-2011-3113,CVE-2011-3114,CVE-2011-3115 Google Chrome是由Google开发的一款设计简单、高效的Web浏览工具。 Google Chrome 19.0.1084.52之前版本在实现上存在多个安全漏洞,攻击者可利用这些漏洞在浏览器中执行任意代码,绕过安全限制或造成拒绝服务。 1) V8无用单元回收中的不明细节错误可造成崩溃; 2)Skia中存在越界读取错误; 3)首个字母处理中存在释放后重用错误; 4)SSL中的Websocket中存在错误可被利用破坏内存; 5)插件JavaScript绑定中存在不明细节错误,可造成崩溃; 6)浏览器缓存中存在释放后重用错误; 7)GTK UI中存在故障转换错误; 8) PDF处理中存在某些错误可被利用造成越界写入; 9)V8中存在无效读取错误; 10)加密PDF中存在释放后重用错误; 11)PDF中的色彩空间中存在无效转换错误; 12)PDF函数中的错误可被利用造成缓冲区溢出; 13)V8中存在类型破坏错误; 0 Google Chrome 19.x 厂商补丁: Google ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.google.com |
| id | SSV:60156 |
| last seen | 2017-11-19 |
| modified | 2012-05-25 |
| published | 2012-05-25 |
| reporter | Root |
| title | Google Chrome 19.0.1084.52之前版本多个安全漏洞 |
References
- http://code.google.com/p/chromium/issues/detail?id=127331
- http://googlechromereleases.blogspot.com/2012/05/stable-channel-update_23.html
- http://osvdb.org/82247
- http://secunia.com/advisories/49277
- http://www.securityfocus.com/bid/53679
- http://www.securitytracker.com/id?1027098
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15076
- http://code.google.com/p/chromium/issues/detail?id=127331
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15076
- http://www.securitytracker.com/id?1027098
- http://www.securityfocus.com/bid/53679
- http://secunia.com/advisories/49277
- http://osvdb.org/82247
- http://googlechromereleases.blogspot.com/2012/05/stable-channel-update_23.html