Vulnerabilities > CVE-2011-3912 - Use After Free vulnerability in Google Chrome

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG filters.

Vulnerable Configurations

Part Description Count
Application
Google
1906

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201201-03.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201201-03 (Chromium, V8: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact : A context-dependent attacker could entice a user to open a specially crafted website or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process, or a Denial of Service condition. The attacker could also perform URL bar spoofing. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id57456
    published2012-01-09
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57456
    titleGLSA-201201-03 : Chromium, V8: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201201-03.
    #
    # The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57456);
      script_version("1.7");
      script_cvs_date("Date: 2018/08/10 18:07:07");
    
      script_cve_id("CVE-2011-3903", "CVE-2011-3904", "CVE-2011-3906", "CVE-2011-3907", "CVE-2011-3908", "CVE-2011-3909", "CVE-2011-3910", "CVE-2011-3912", "CVE-2011-3913", "CVE-2011-3914", "CVE-2011-3917", "CVE-2011-3921", "CVE-2011-3922");
      script_xref(name:"GLSA", value:"201201-03");
    
      script_name(english:"GLSA-201201-03 : Chromium, V8: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201201-03
    (Chromium, V8: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Chromium and V8. Please
          review the CVE identifiers and release notes referenced below for
          details.
      
    Impact :
    
        A context-dependent attacker could entice a user to open a specially
          crafted website or JavaScript program using Chromium or V8, possibly
          resulting in the execution of arbitrary code with the privileges of the
          process, or a Denial of Service condition.
        The attacker could also perform URL bar spoofing.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      # https://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?3a2b81fb"
      );
      # https://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?645a7adf"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201201-03"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Chromium users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-client/chromium-16.0.912.75'
        All V8 users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-lang/v8-3.6.6.11'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:chromium");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:v8");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/01/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/09");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"www-client/chromium", unaffected:make_list("ge 16.0.912.75"), vulnerable:make_list("lt 16.0.912.75"))) flag++;
    if (qpkg_check(package:"dev-lang/v8", unaffected:make_list("ge 3.6.6.11"), vulnerable:make_list("lt 3.6.6.11"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Chromium / V8");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2011-93.NASL
    descriptionChromium update to to 18.0.972
    last seen2020-06-01
    modified2020-06-02
    plugin id74538
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/74538
    titleopenSUSE Security Update : v8 / chromium (openSUSE-2011-93)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2011-93.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(74538);
      script_version("1.3");
      script_cvs_date("Date: 2019/10/25 13:36:40");
    
      script_cve_id("CVE-2011-3903", "CVE-2011-3904", "CVE-2011-3905", "CVE-2011-3906", "CVE-2011-3907", "CVE-2011-3908", "CVE-2011-3909", "CVE-2011-3910", "CVE-2011-3911", "CVE-2011-3912", "CVE-2011-3914", "CVE-2011-3915", "CVE-2011-3916", "CVE-2011-3917");
    
      script_name(english:"openSUSE Security Update : v8 / chromium (openSUSE-2011-93)");
      script_summary(english:"Check for the openSUSE-2011-93 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(attribute:"description", value:"Chromium update to to 18.0.972");
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=736716"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected v8 / chromium packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-desktop-gnome");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-desktop-kde");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-suid-helper");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libv8-3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libv8-3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:v8-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:v8-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:v8-private-headers-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/12/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE12\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE12.1", reference:"chromium-18.0.972.0-1.5.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"chromium-debuginfo-18.0.972.0-1.5.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"chromium-debugsource-18.0.972.0-1.5.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"chromium-desktop-gnome-18.0.972.0-1.5.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"chromium-desktop-kde-18.0.972.0-1.5.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"chromium-suid-helper-18.0.972.0-1.5.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"chromium-suid-helper-debuginfo-18.0.972.0-1.5.2") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"libv8-3-3.7.12.6-1.9.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"libv8-3-debuginfo-3.7.12.6-1.9.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"v8-debugsource-3.7.12.6-1.9.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"v8-devel-3.7.12.6-1.9.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"v8-private-headers-devel-3.7.12.6-1.9.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromium / chromium-debuginfo / chromium-debugsource / etc");
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_68AC626625C311E1B63A00262D5ED8EE.NASL
    descriptionGoogle Chrome Releases reports : [81753] Medium CVE-2011-3903: Out-of-bounds read in regex matching. Credit to David Holloway of the Chromium development community. [95465] Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to Google Chrome Security Team (Inferno). [98809] Medium CVE-2011-3906: Out-of-bounds read in PDF parser. Credit to Aki Helin of OUSPG. [99016] High CVE-2011-3907: URL bar spoofing with view-source. Credit to Mitja Kolsek of ACROS Security. [100863] Low CVE-2011-3908: Out-of-bounds read in SVG parsing. Credit to Aki Helin of OUSPG. [101010] Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS property array. Credit to Google Chrome Security Team (scarybeasts) and Chu. [101494] Medium CVE-2011-3910: Out-of-bounds read in YUV video frame handling. Credit to Google Chrome Security Team (Cris Neckar). [101779] Medium CVE-2011-3911: Out-of-bounds read in PDF. Credit to Google Chrome Security Team (scarybeasts) and Robert Swiecki of the Google Security Team. [102359] High CVE-2011-3912: Use-after-free in SVG filters. Credit to Arthur Gerkis. [103921] High CVE-2011-3913: Use-after-free in Range handling. Credit to Arthur Gerkis. [104011] High CVE-2011-3914: Out-of-bounds write in v8 i18n handling. Credit to Slawomir Blazek. [104529] High CVE-2011-3915: Buffer overflow in PDF font handling. Credit to Atte Kettunen of OUSPG. [104959] Medium CVE-2011-3916: Out-of-bounds reads in PDF cross references. Credit to Atte Kettunen of OUSPG. [105162] Medium CVE-2011-3917: Stack-buffer-overflow in FileWatcher. Credit to Google Chrome Security Team (Marty Barbella). [107258] High CVE-2011-3904: Use-after-free in bidi handling. Credit to Google Chrome Security Team (Inferno) and miaubiz.
    last seen2020-06-01
    modified2020-06-02
    plugin id57292
    published2011-12-14
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57292
    titleFreeBSD : chromium -- multiple vulnerabilities (68ac6266-25c3-11e1-b63a-00262d5ed8ee)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2013 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57292);
      script_version("1.7");
      script_cvs_date("Date: 2019/08/02 13:32:40");
    
      script_cve_id("CVE-2011-3903", "CVE-2011-3904", "CVE-2011-3905", "CVE-2011-3906", "CVE-2011-3907", "CVE-2011-3908", "CVE-2011-3909", "CVE-2011-3910", "CVE-2011-3911", "CVE-2011-3912", "CVE-2011-3913", "CVE-2011-3914", "CVE-2011-3915", "CVE-2011-3916", "CVE-2011-3917");
    
      script_name(english:"FreeBSD : chromium -- multiple vulnerabilities (68ac6266-25c3-11e1-b63a-00262d5ed8ee)");
      script_summary(english:"Checks for updated package in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote FreeBSD host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Google Chrome Releases reports :
    
    [81753] Medium CVE-2011-3903: Out-of-bounds read in regex matching.
    Credit to David Holloway of the Chromium development community.
    [95465] Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to
    Google Chrome Security Team (Inferno). [98809] Medium CVE-2011-3906:
    Out-of-bounds read in PDF parser. Credit to Aki Helin of OUSPG.
    [99016] High CVE-2011-3907: URL bar spoofing with view-source. Credit
    to Mitja Kolsek of ACROS Security. [100863] Low CVE-2011-3908:
    Out-of-bounds read in SVG parsing. Credit to Aki Helin of OUSPG.
    [101010] Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS
    property array. Credit to Google Chrome Security Team (scarybeasts)
    and Chu. [101494] Medium CVE-2011-3910: Out-of-bounds read in YUV
    video frame handling. Credit to Google Chrome Security Team (Cris
    Neckar). [101779] Medium CVE-2011-3911: Out-of-bounds read in PDF.
    Credit to Google Chrome Security Team (scarybeasts) and Robert Swiecki
    of the Google Security Team. [102359] High CVE-2011-3912:
    Use-after-free in SVG filters. Credit to Arthur Gerkis. [103921] High
    CVE-2011-3913: Use-after-free in Range handling. Credit to Arthur
    Gerkis. [104011] High CVE-2011-3914: Out-of-bounds write in v8 i18n
    handling. Credit to Slawomir Blazek. [104529] High CVE-2011-3915:
    Buffer overflow in PDF font handling. Credit to Atte Kettunen of
    OUSPG. [104959] Medium CVE-2011-3916: Out-of-bounds reads in PDF cross
    references. Credit to Atte Kettunen of OUSPG. [105162] Medium
    CVE-2011-3917: Stack-buffer-overflow in FileWatcher. Credit to Google
    Chrome Security Team (Marty Barbella). [107258] High CVE-2011-3904:
    Use-after-free in bidi handling. Credit to Google Chrome Security Team
    (Inferno) and miaubiz."
      );
      # http://googlechromereleases.blogspot.com/search/label/Stable%20updates
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?29fa020e"
      );
      # http://www.freebsd.org/ports/portaudit/68ac6266-25c3-11e1-b63a-00262d5ed8ee.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?51c2b178"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:chromium");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/12/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/12/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/14");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"chromium<16.0.912.63")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyWindows
    NASL idGOOGLE_CHROME_16_0_912_63.NASL
    descriptionThe version of Google Chrome installed on the remote host is earlier than 16.0.912.63 and is affected by the following vulnerabilities: - Out-of-bounds read errors exist related to regex matching, libxml, the PDF parser, the SVG parser, YUV video frame handling, i18n handling in V8 and PDF cross references. (CVE-2011-3903, CVE-2011-3905, CVE-2011-3906, CVE-2011-3908, CVE-2011-3910, CVE-2011-3911, CVE-2011-3914, CVE-2011-3916) - Use-after-free errors exist related to SVG filters, Range handling and bidi handling. (CVE-2011-3904, CVE-2011-3912, CVE-2011-3913) - URL bar spoofing is possible due to an error related to
    last seen2020-06-01
    modified2020-06-02
    plugin id57288
    published2011-12-14
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57288
    titleGoogle Chrome < 16.0.912.63 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57288);
      script_version("1.15");
      script_cvs_date("Date: 2018/11/15 20:50:26");
    
      script_cve_id(
        "CVE-2011-3903",
        "CVE-2011-3904",
        "CVE-2011-3905",
        "CVE-2011-3906",
        "CVE-2011-3907",
        "CVE-2011-3908",
        "CVE-2011-3909",
        "CVE-2011-3910",
        "CVE-2011-3911",
        "CVE-2011-3912",
        "CVE-2011-3913",
        "CVE-2011-3914",
        "CVE-2011-3915",
        "CVE-2011-3916",
        "CVE-2011-3917"
      );
      script_bugtraq_id(51041, 51084, 51262);
    
      script_name(english:"Google Chrome < 16.0.912.63 Multiple Vulnerabilities");
      script_summary(english:"Checks version number of Google Chrome");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host contains a web browser that is affected by multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Google Chrome installed on the remote host is earlier
    than 16.0.912.63 and is affected by the following vulnerabilities:
    
      - Out-of-bounds read errors exist related to regex
        matching, libxml, the PDF parser, the SVG parser, YUV
        video frame handling, i18n handling in V8 and PDF cross
        references. (CVE-2011-3903, CVE-2011-3905,
        CVE-2011-3906, CVE-2011-3908, CVE-2011-3910,
        CVE-2011-3911, CVE-2011-3914, CVE-2011-3916)
    
      - Use-after-free errors exist related to SVG filters,
        Range handling and bidi handling. (CVE-2011-3904,
        CVE-2011-3912, CVE-2011-3913)
    
      - URL bar spoofing is possible due to an error related
        to 'view-source'. (CVE-2011-3907)
    
      - A memory corruption error exists related to arrays of
        CSS properties. (CVE-2011-3909)
    
      - A buffer overflow exists related to PDF font handling.
        (CVE-2011-3915)
    
      - A stack-based buffer overflow exists related to the
        'FileWatcher'. (CVE-2011-3917)");
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c20b7ac5");
      script_set_attribute(attribute:"solution", value:"Upgrade to Google Chrome 16.0.912.63 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/12/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/12/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/14");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
    
      script_dependencies("google_chrome_installed.nasl");
      script_require_keys("SMB/Google_Chrome/Installed");
    
      exit(0);
    }
    
    include("google_chrome_version.inc");
    
    get_kb_item_or_exit("SMB/Google_Chrome/Installed");
    
    installs = get_kb_list("SMB/Google_Chrome/*");
    google_chrome_check_version(installs:installs, fix:'16.0.912.63', severity:SECURITY_HOLE);
    

Oval

accepted2014-04-07T04:01:26.813-04:00
classvulnerability
contributors
  • nameScott Quint
    organizationDTCC
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Mikhno
    organizationALTX-SOFT
definition_extensions
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
  • commentGoogle Chrome is installed
    ovaloval:org.mitre.oval:def:11914
descriptionUse-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG filters.
familywindows
idoval:org.mitre.oval:def:14519
statusaccepted
submitted2011-12-20T10:23:30.000-05:00
titleUse-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG filters.
version52