Vulnerabilities > CVE-2011-3925 - Use After Free vulnerability in Google Chrome
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
Use-after-free vulnerability in the Safe Browsing feature in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors related to a navigation entry and an interstitial page.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks
NASL id OPENSUSE-2012-107.NASL
description Chromium update to version 18.0.1022 fixes several security issues
last seen 2020-06-05
modified 2014-06-13
plugin id 74543
published 2014-06-13
reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/74543
title openSUSE Security Update : chromium / v8 (openSUSE-2012-107)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2012-107.
#
# The text description of this plugin is (C) SUSE LLC.
#

# Purpose: flag an openSUSE 12.1 host whose installed chromium / v8 RPMs
# predate the package versions shipped with update openSUSE-2012-107.
#
# Reading a result from this plugin:
#  - It is a package-version check (plugin_type "local"); nothing below
#    exercises the browser or tests for the use-after-free itself.
#  - One finding stands for the whole update, which the plugin maps to nine
#    CVE ids, so a hit does not single out CVE-2011-3925.
#  - Every early audit() exit below means the host was not evaluated by this
#    plugin, which is not the same as "not vulnerable".

include("compat.inc");

# Metadata pass: when `description` is set, the script only declares its
# attributes and exits before any host check runs.
if (description)
{
  script_id(74543);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  # All CVE ids attributed to this single package update.
  script_cve_id("CVE-2011-3919", "CVE-2011-3921", "CVE-2011-3922", "CVE-2011-3924", "CVE-2011-3925", "CVE-2011-3926", "CVE-2011-3927", "CVE-2011-3928", "CVE-2011-5037");

  script_name(english:"openSUSE Security Update : chromium / v8 (openSUSE-2012-107)");
  script_summary(english:"Check for the openSUSE-2012-107 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:"Chromium update to version 18.0.1022 fixes several security issues"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=740493"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=743319"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected chromium / v8 packages."
  );

  # CVSS v2 base vector: network access, low complexity, no authentication,
  # partial confidentiality / integrity / availability impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");

  # Package CPEs covered by the check, followed by the one OS release it targets.
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-desktop-gnome");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-desktop-kde");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-suid-helper");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libv8-3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libv8-3-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:v8-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:v8-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:v8-private-headers-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1");

  # The plugin was published more than two years after the patch it checks for.
  script_set_attribute(attribute:"patch_publication_date", value:"2012/02/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  # The check consumes KB items rather than probing the host itself; they are
  # presumably populated by ssh_get_info.nasl during a credentialed scan.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Preconditions. audit() comes from audit.inc; it presumably ends the script
# with the given reason (confirm against audit.inc).
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# Only openSUSE 12.1 is in scope: SLED/SLES hosts and every other openSUSE
# release are audited out without any package being compared.
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1", release);

# Without a collected RPM list there is nothing to compare against.
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Architecture gate: only i586 / i686 / x86_64 hosts are evaluated.
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

# One rpm_check() per package named in the update. rpm_check() comes from
# rpm.inc; presumably it is true when the installed package is older than the
# reference version (confirm against rpm.inc). Debug and development packages
# raise the flag the same way as the browser package itself.
flag = 0;

if ( rpm_check(release:"SUSE12.1", reference:"chromium-18.0.1022.0-1.7.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"chromium-debuginfo-18.0.1022.0-1.7.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"chromium-debugsource-18.0.1022.0-1.7.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"chromium-desktop-gnome-18.0.1022.0-1.7.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"chromium-desktop-kde-18.0.1022.0-1.7.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"chromium-suid-helper-18.0.1022.0-1.7.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"chromium-suid-helper-debuginfo-18.0.1022.0-1.7.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"libv8-3-3.8.9.0-1.11.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"libv8-3-debuginfo-3.8.9.0-1.11.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"v8-debugsource-3.8.9.0-1.11.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"v8-devel-3.8.9.0-1.11.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"v8-private-headers-devel-3.8.9.0-1.11.1") ) flag++;

if (flag)
{
  # At least one package matched: report the finding on port 0, attaching the
  # RPM report text only when report verbosity is above zero.
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  # Nothing matched: tell "packages were tested and are not affected" apart
  # from "none of the packages is installed".
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromium / chromium-debuginfo / chromium-debugsource / etc");
}
NASL family Gentoo Local Security Checks
NASL id GENTOO_GLSA-201201-17.NASL
description The remote host is affected by the vulnerability described in GLSA-201201-17 (Chromium: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, or a Denial of Service condition. Workaround : There is no known workaround at this time.
last seen 2020-06-01
modified 2020-06-02
plugin id 57723
published 2012-01-30
reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/57723
title GLSA-201201-17 : Chromium: Multiple vulnerabilities

NASL family Windows
NASL id GOOGLE_CHROME_16_0_912_77.NASL
description The version of Google Chrome installed on the remote host is earlier than 16.0.912.77 and is, therefore, affected by the following vulnerabilities: - Use-after-free errors exist related to DOM selections, DOM handling and Safe Browsing functionality. (CVE-2011-3924, CVE-2011-3925, CVE-2011-3928) - A heap-based buffer overflow exists in the [description truncated on this page]
last seen 2020-06-01
modified 2020-06-02
plugin id 57666
published 2012-01-24
reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/57666
title Google Chrome < 16.0.912.77 Multiple Vulnerabilities

NASL family FreeBSD Local Security Checks
NASL id FREEBSD_PKG_1A1AEF8E389411E18B5C00262D5ED8EE.NASL
description Google Chrome Releases reports : [106672] High CVE-2011-3921: Use-after-free in animation frames. Credit to Boris Zbarsky of Mozilla. [107128] High CVE-2011-3919: Heap-buffer-overflow in libxml. Credit to Juri Aedla. [108006] High CVE-2011-3922: Stack-buffer-overflow in glyph handling. Credit to Google Chrome Security Team (Cris Neckar). [107182] Critical CVE-2011-3925: Use-after-free in Safe Browsing navigation. Credit to Chamal de Silva.
last seen 2020-06-01
modified 2020-06-02
plugin id 57454
published 2012-01-09
reporter This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/57454
title FreeBSD : chromium -- multiple vulnerabilities (1a1aef8e-3894-11e1-8b5c-00262d5ed8ee)
Oval
accepted | 2014-04-07T04:01:28.067-04:00
class | vulnerability
contributors |
definition_extensions |
description | Use-after-free vulnerability in the Safe Browsing feature in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors related to a navigation entry and an interstitial page.
family | windows
id | oval:org.mitre.oval:def:14538
status | accepted
submitted | 2012-01-30T14:25:58.000-05:00
title | Use-after-free vulnerability in the Safe Browsing feature in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors related to a navigation entry and an interstitial page.
version | 51
References
- http://googlechromereleases.blogspot.com/2012/01/stable-channel-update_23.html
- http://code.google.com/p/chromium/issues/detail?id=107182
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14538
- http://www.securitytracker.com/id?1026487
- http://secunia.com/advisories/47449