Google Chrome Multiple Denial Of Service Vulnerabilities - May 12 (Linux) Network Vulnerability

Summary

The host is installed with Google Chrome and is prone to multiple denial of service vulnerabilities.

Impact

Successful exploitation could allow attackers to execute arbitrary code in the context of the browser or cause a denial of service. Impact Level: System/Application

Solution

Upgrade to the Google Chrome 18.0.1025.168 or later, For updates refer to http://www.google.com/chrome

Insight

The flaws are due to - Multiple use after free errors exists, when handling floats. - A use after free error exists within the xml parser. - An error exists within the IPC validation. - A race condition exists within the sandbox IPC.

Affected

Google Chrome version prior to 18.0.1025.168 on Linux

References

http://googlechromereleases.blogspot.in/2012/04/stable-channel-update_30.html
http://secunia.com/advisories/48992/
http://securitytracker.com/id/1027001

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-3078, CVE-2011-3079, CVE-2011-3080, CVE-2011-3081, CVE-2012-1521
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

ClamAV get_unicode_name() Off-By-One Heap based BOF Vulnerability
Aast! Antivirus 'aavmker4.sys' Denial Of Service Vulnerability (Win)
Asterisk IAX2 Call Number Exhaustion DOS Vulnerability (Linux)
Google Chrome Multiple Denial of Service Vulnerabilities - March12 (Windows)
Apache APR-Utils XML Parser Denial of Service Vulnerability

Google Chrome Multiple Denial of Service Vulnerabilities - May 12 (Linux)

Take action and discover your vulnerabilities