Google Chrome < 20.0.1132.43 Multiple Vulnerabilities

high Log Correlation Engine Plugin ID 800967

Synopsis

The remote host contains a web browser that is affected by multiple vulnerabilities.

Description

Versions of Google Chrome earlier than 20.0.1132.43 are potentially affected by the following vulnerabilities :

- An unspecified error allows access to iFrame fragment ID information, (CVE-2012-2815)

- An unspecified issue is triggered when sandboxed processes interfere with one another. (CVE-2012-2816)

- A user-after free issue exists in handling table sections which may allow for execution of arbitrary code. (CVE-2012-02817)

- An unspecified use-after-free flaw exists in the counter layout which may allow for execution of arbitrary code. (CVE-2012-2818)

- A flaw exists in the WebGL subsystem when the texSubImage2d implementation does not properly handle uploads to floating-point textures, which may allow a remote denial of service. (CVE-2012-2919)

- An out-of-bounds read error occurs during the handling of SVG filters, which may allow a remote denial of service. (CVE-2012-2820)

- A flaw exists in the autofill display. No further details have been provided. (CVE-2012-2821)

- An out-of-bounds read error occurs during the handling of PDF files, which may allow multiple unspecified remote denial of service attacks. (CVE-2012-2822)

- An user-after-free flaw exists during the handling of SVG resources, which may allow for execution of arbitrary code. (CVE-2012-2823, CVE-2012-2831)

- An user-after-free flaw exists in SVG painting. No further details have been provided. (CVE-2012-2824)

- An out-of-bounds read error occurs during texture conversion which may allow a remote denial of service. (CVE-2012-2826)

- An use-after-free flaw in the Mac GUI. No further details have been provided. (CVE-2012-2827)

- A flaw exists in improper sanitizing of user-supplied inputting resulting in multiple unspecified integer overflows with a specially crafted PDF file. (CVE-2012-2828)

- An user-after-free flaw is triggered during handling of first letters. No further details have been provided. (CVE-2012-2829)

- A flaw is triggered when an unspecified NULL pointer dereference occurs in array setting handling. (CVE-2012-2830)

- A flaw is triggered when a NULL pointer dereference occurs in a PDF image codec. (CVE-2012-2832)

- An overflow condition occurs when the PDF JS API fails to properly sanitize user-supplied input resulting in a buffer overflow. (CVE-2012-2833)

- An overflow condition occurs in the Matroska container which fails to properly sanitize user-supplied input resulting in an integer overflow. (CVE-2012-2834)

- A flaw exists in the way it loads dynamic-link-libraries (DLL). (CVE-2012-2764)

- A flaw is triggered when an unspecified wild read occurs during the handling of XSL. (CVE-2012-2825)

- This issue is only present on 64-bit Linux platforms. The libxml is prone to multiple unspecified overflow conditions. (CVE-2012-2807)

Solution

Upgrade to Google Chrome 20.0.1132.43 or later.

See Also

http://www.nessus.org/u?50aa8d41

http://www.nessus.org/u?c9fd4072

Plugin Details

Severity: High

ID: 800967

Family: Web Clients

Published: 7/5/2012

Nessus ID: 59735

Vulnerability Information

Patch Publication Date: 6/26/2012

Vulnerability Publication Date: 6/26/2012

Reference Information

CVE: CVE-2012-2764, CVE-2012-2807, CVE-2012-2815, CVE-2012-2816, CVE-2012-2817, CVE-2012-2818, CVE-2012-2819, CVE-2012-2820, CVE-2012-2821, CVE-2012-2822, CVE-2012-2823, CVE-2012-2824, CVE-2012-2825, CVE-2012-2826, CVE-2012-2827, CVE-2012-2828, CVE-2012-2829, CVE-2012-2830, CVE-2012-2831, CVE-2012-2832, CVE-2012-2833, CVE-2012-2834

BID: 54203