Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Google Chrome
Опубликовано:27 ноября 2011 г.
Источник:
SecurityVulns ID:12055
Тип:клиент
Уровень опасности:
8/10
Описание:Выполнение кода, повышение привилегий, DoS.
Затронутые продукты:GOOGLE : Chrome 15.0
CVE:CVE-2011-3900 (Google V8, as used in Google Chrome before 15.0.874.121, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write operation.)
 CVE-2011-3899
 CVE-2011-3898 (Google Chrome before 15.0.874.120, when Java Runtime Environment (JRE) 7 is used, does not request user confirmation before applet execution begins, which allows remote attackers to have an unspecified impact via a crafted applet.)
 CVE-2011-3897 (Use-after-free vulnerability in Google Chrome before 15.0.874.120 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing.)
 CVE-2011-3896 (Buffer overflow in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to shader variable mapping.)
 CVE-2011-3895 (Heap-based buffer overflow in the Vorbis decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.)
 CVE-2011-3894 (Google Chrome before 15.0.874.120 does not properly perform VP8 decoding, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted stream.)
 CVE-2011-3893 (Google Chrome before 15.0.874.120 does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.)
 CVE-2011-3892 (Double free vulnerability in the Theora decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород