HomePentest-Tools.com Logo

Google Chrome multiple vulnerabilities - May11 (Windows) CVE-2011-1303CVE-2011-1305CVE-2011-1434CVE-2011-1435CVE-2011-1437CVE-2011-1438CVE-2011-1440CVE-2011-1441CVE-2011-1442CVE-2011-1443CVE-2011-1445CVE-2011-1446CVE-2011-1447CVE-2011-1448CVE-2011-1449CVE-2011-1450CVE-2011-1451CVE-2011-1452CVE-2011-1454CVE-2011-1455CVE-2011-1456

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

Google Chrome is prone to multiple vulnerabilities.

Risk description

- An unspecified error related to a stale pointer exists in handling of floating objects. - MIME handling does not properly ensure thread safety. - An extension with tabs permission can gain access to local files. - An integer overflow error exists within the float rendering. - An error related to blobs can be exploited to violate the same origin policy. - A use-after-free error exists within the handling of tags and CSS. - A casting error exists within then handling of floating select lists. - An error related to mutation events can be exploited to corrupt node trees. - An unspecified error related to stale pointers exists in the layering code. - Interrupted loads and navigation errors can be leveraged to spoof the URL bar. - An unspecified error related to a stale pointer exists within the handling of drop-down lists. - An unspecified error related to a stale pointer exists within the height calculations. - A use-after-free error exists within the handling of WebSockets. - An error related to dangling pointers exists within the handling of file dialogs. - An error related to dangling pointers exists within the handling of DOM id maps. - Redirects and manual reloads can be exploited to spoof the URL bar. - A use-after-free error exists within the handling of DOM ids. - An error related to stale pointers exists within the handling of PDF forms. Successful exploitation could allow attackers to bypass certain security restrictions, disclose potentially sensitive information, conduct spoofing attacks, and potentially compromise a users system.

Recommendation

Upgrade to the Google Chrome 11.0.696.57 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
May 3, 2011
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available