ID

VAR-201204-0082

CVE

CVE-2011-3069

TITLE

Used in multiple products Webkit Service disruption in (DoS) Vulnerabilities

DESCRIPTION

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to line boxes. This vulnerability Webkit Vulnerability in Google Chrome Other than Webkit Products that use may also be affected.Service disruption by a third party (DoS) May be affected or unknown in detail. Google Chrome is prone to multiple vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the browser, bypass security restrictions, and perform cross-origin attacks; other attacks may also be possible. NOTE: The issue (described by CVE-2011-3071) has been moved to BID 57027 (Webkit CVE-2011-3071 Remote Code Execution Vulnerability) to better document it. Versions prior to Chrome 18.0.1025.151 are vulnerable. Google Chrome is a web browser developed by Google (Google). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-07-25-1 Safari 6.0 Safari 6.0 is now available and addresses the following: Safari Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4 Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A cross-site scripting issue existed in the handling of feed:// URLs. This update removes handling of feed:// URLs. CVE-ID CVE-2012-0678 : Masato Kinugawa Safari Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4 Impact: Visiting a maliciously crafted website may cause files from the user's system to be sent to a remote server Description: An access control issue existed in the handling of feed:// URLs. This update removes handling of feed:// URLs. CVE-ID CVE-2012-0679 : Aaron Sigel of vtty.com Safari Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4 Impact: Passwords may autocomplete even when the site specifies that autocomplete should be disabled Description: Password input elements with the autocomplete attribute set to "off" were being autocompleted. This update addresses the issue by improved handling of the autocomplete attribute. CVE-ID CVE-2012-0680 : Dan Poltawski of Moodle Safari Downloads Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4 Impact: Opening maliciously crafted files on certain websites may lead to a cross-site scripting attack Description: An issue existed in Safari's support for the 'attachment' value for the HTTP Content-Disposition header. This header is used by many websites to serve files that were uploaded to the site by a third-party, such as attachments in web-based e-mail applications. Any script in files served with this header value would run as if the file had been served inline, with full access to other resources on the origin server. This issue is addressed by downloading resources served with this header, rather than displaying them inline. CVE-ID CVE-2011-3426 : Mickey Shkatov of laplinker.com, Kyle Osborn, Hidetake Jo at Microsoft and Microsoft Vulnerability Research (MSVR) WebKit Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4 Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues are addressed through improved memory handling. CVE-ID CVE-2011-3016 : miaubiz CVE-2011-3021 : Arthur Gerkis CVE-2011-3027 : miaubiz CVE-2011-3032 : Arthur Gerkis CVE-2011-3034 : Arthur Gerkis CVE-2011-3035 : wushi of team509 working with iDefense VCP, Arthur Gerkis CVE-2011-3036 : miaubiz CVE-2011-3037 : miaubiz CVE-2011-3038 : miaubiz CVE-2011-3039 : miaubiz CVE-2011-3040 : miaubiz CVE-2011-3041 : miaubiz CVE-2011-3042 : miaubiz CVE-2011-3043 : miaubiz CVE-2011-3044 : Arthur Gerkis CVE-2011-3050 : miaubiz CVE-2011-3053 : miaubiz CVE-2011-3059 : Arthur Gerkis CVE-2011-3060 : miaubiz CVE-2011-3064 : Atte Kettunen of OUSPG CVE-2011-3068 : miaubiz CVE-2011-3069 : miaubiz CVE-2011-3071 : pa_kt working with HP's Zero Day Initiative CVE-2011-3073 : Arthur Gerkis CVE-2011-3074 : Slawomir Blazek CVE-2011-3075 : miaubiz CVE-2011-3076 : miaubiz CVE-2011-3078 : Martin Barbella of the Google Chrome Security Team CVE-2011-3081 : miaubiz CVE-2011-3086 : Arthur Gerkis CVE-2011-3089 : Skylined of the Google Chrome Security Team, miaubiz CVE-2011-3090 : Arthur Gerkis CVE-2011-3913 : Arthur Gerkis CVE-2011-3924 : Arthur Gerkis CVE-2011-3926 : Arthur Gerkis CVE-2011-3958 : miaubiz CVE-2011-3966 : Aki Helin of OUSPG CVE-2011-3968 : Arthur Gerkis CVE-2011-3969 : Arthur Gerkis CVE-2011-3971 : Arthur Gerkis CVE-2012-0682 : Apple Product Security CVE-2012-0683 : Dave Mandelin of Mozilla CVE-2012-1520 : Martin Barbella of the Google Chrome Security Team using AddressSanitizer, Jose A. Vazquez of spa-s3c.blogspot.com working with iDefense VCP CVE-2012-1521 : Skylined of the Google Chrome Security Team, Jose A. Vazquez of spa-s3c.blogspot.com working with iDefense VCP CVE-2012-3589 : Dave Mandelin of Mozilla CVE-2012-3590 : Apple Product Security CVE-2012-3591 : Apple Product Security CVE-2012-3592 : Apple Product Security CVE-2012-3593 : Apple Product Security CVE-2012-3594 : miaubiz CVE-2012-3595 : Martin Barbella of Google Chrome Security CVE-2012-3596 : Skylined of the Google Chrome Security Team CVE-2012-3597 : Abhishek Arya of Google Chrome Security Team using AddressSanitizer CVE-2012-3599 : Abhishek Arya of Google Chrome Security Team using AddressSanitizer CVE-2012-3600 : David Levin of the Chromium development community CVE-2012-3603 : Apple Product Security CVE-2012-3604 : Skylined of the Google Chrome Security Team CVE-2012-3605 : Cris Neckar of the Google Chrome Security team CVE-2012-3608 : Skylined of the Google Chrome Security Team CVE-2012-3609 : Skylined of the Google Chrome Security Team CVE-2012-3610 : Skylined of the Google Chrome Security Team CVE-2012-3611 : Apple Product Security CVE-2012-3615 : Stephen Chenney of the Chromium development community CVE-2012-3618 : Abhishek Arya of Google Chrome Security Team using AddressSanitizer CVE-2012-3620 : Abhishek Arya of Google Chrome Security Team CVE-2012-3625 : Skylined of Google Chrome Security Team CVE-2012-3626 : Apple Product Security CVE-2012-3627 : Skylined and Abhishek Arya of Google Chrome Security team CVE-2012-3628 : Apple Product Security CVE-2012-3629 : Abhishek Arya of Google Chrome Security Team using AddressSanitizer CVE-2012-3630 : Abhishek Arya of Google Chrome Security Team using AddressSanitizer CVE-2012-3631 : Abhishek Arya of Google Chrome Security Team using AddressSanitizer CVE-2012-3633 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3634 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3635 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3636 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3637 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3638 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3639 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3640 : miaubiz CVE-2012-3641 : Slawomir Blazek CVE-2012-3642 : miaubiz CVE-2012-3644 : miaubiz CVE-2012-3645 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3646 : Julien Chaffraix of the Chromium development community, Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3653 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3655 : Skylined of the Google Chrome Security Team CVE-2012-3656 : Abhishek Arya of Google Chrome Security Team using AddressSanitizer CVE-2012-3661 : Apple Product Security CVE-2012-3663 : Skylined of Google Chrome Security Team CVE-2012-3664 : Thomas Sepez of the Chromium development community CVE-2012-3665 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3666 : Apple CVE-2012-3667 : Trevor Squires of propaneapp.com CVE-2012-3668 : Apple Product Security CVE-2012-3669 : Apple Product Security CVE-2012-3670 : Abhishek Arya of Google Chrome Security Team using AddressSanitizer, Arthur Gerkis CVE-2012-3674 : Skylined of Google Chrome Security Team CVE-2012-3678 : Apple Product Security CVE-2012-3679 : Chris Leary of Mozilla CVE-2012-3680 : Skylined of Google Chrome Security Team CVE-2012-3681 : Apple CVE-2012-3682 : Adam Barth of the Google Chrome Security Team CVE-2012-3683 : wushi of team509 working with iDefense VCP CVE-2012-3686 : Robin Cao of Torch Mobile (Beijing) WebKit Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4 Impact: Dragging and dropping selected text on a web page may lead to a cross-site information disclosure Description: A cross-origin issue existed in the handling of drag and drop events. This issue is addressed through improved origin tracking. CVE-ID CVE-2012-3689 : David Bloom of Cue WebKit Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4 Impact: Dragging and dropping selected text on a web page may cause files from the user's system to be sent to a remote server Description: An access control issue existed in the handling of drag and drop events. This issue is addressed through improved origin tracking. CVE-ID CVE-2012-3690 : David Bloom of Cue WebKit Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4 Impact: Visiting a maliciously crafted website may lead to a cross- site disclosure of information Description: A cross-origin issue existed in the handling of CSS property values. This issue is addressed through improved origin tracking. CVE-ID CVE-2012-3691 : Apple WebKit Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4 Impact: A malicious website may be able to replace the contents of an iframe on another site Description: A cross-origin issue existed in the handling of iframes in popup windows. This issue is addressed through improved origin tracking. CVE-ID CVE-2011-3067 : Sergey Glazunov WebKit Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4 Impact: Visiting a maliciously crafted website may lead to a cross- site disclosure of information Description: A cross-origin issue existed in the handling of iframes and fragment identifiers. This issue is addressed through improved origin tracking. CVE-ID CVE-2012-2815 : Elie Bursztein, Baptiste Gourdin, Gustav Rydstedt, and Dan Boneh of the Stanford University Security Laboratory WebKit Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4 Impact: Look-alike characters in a URL could be used to masquerade a website Description: The International Domain Name (IDN) support and Unicode fonts embedded in Safari could have been used to create a URL which contains look-alike characters. These could have been used in a malicious website to direct the user to a spoofed site that visually appears to be a legitimate domain. This issue is addressed by supplementing WebKit's list of known look-alike characters. Look- alike characters are rendered in Punycode in the address bar. CVE-ID CVE-2012-3693 : Matt Cooley of Symantec WebKit Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4 Impact: Dragging and dropping a file to Safari may reveal the filesystem path of the file to the website Description: An information disclosure issue existed in the handling of dragged files. This issue is addressed through improved handling of dragged files. CVE-ID CVE-2012-3694 : Daniel Cheng of Google, Aaron Sigel of vtty.com WebKit Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4 Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A canonicalization issue existed in the handling of URLs. This may have led to cross-site scripting on sites which use the location.href property. This issue is addressed through improved canonicalization of URLs. CVE-ID CVE-2012-3695 : Masato Kinugawa WebKit Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4 Impact: Visiting a maliciously crafted website may lead to HTTP request splitting Description: An HTTP header injection issue existed in the handling of WebSockets. This issue is addressed through improved WebSockets URI sanitization. CVE-ID CVE-2012-3696 : David Belcher of the BlackBerry Security Incident Response Team WebKit Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4 Impact: A maliciously crafted website may be able to spoof the value in the URL bar Description: A state management issue existed in the handling of session history. Navigations to a fragment on the current page may cause Safari to display incorrect information in the URL bar. This issue is addressed through improved session state tracking. CVE-ID CVE-2011-2845 : Jordi Chancel WebKit Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4 Impact: An attacker may be able to escape the sandbox and access any file the current user has access to Description: An access control issue existed in the handling of file URLs. An attacker who gains arbitrary code execution in a Safari WebProcess may be able to bypass the sandbox and access any file that the user running Safari has access to. This issue is addressed through improved handling of file URLs. CVE-ID CVE-2012-3697 : Aaron Sigel of vtty.com WebKit Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4 Impact: Visiting a maliciously crafted website may lead to the disclosure of the disclosure of memory contents Description: An uninitialized memory access issue existed in the handling of SVG images. This issue is addressed through improved memory initialization. CVE-ID CVE-2012-3650 : Apple Safari 6.0 is available via the Apple Software Update application. Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJQDy1eAAoJEPefwLHPlZEwJRQP/RJ41oMUhox0171MDfV4rs/h 7PpoGz3ZfIijyzy6KlF6mqdJqy/Oh/iGSJlCxhrboZZWPsgvtCQ7DoNC9p5akeH8 +h5ygcEbNm/bus/MDc0nHtHtXwcRGDLhdKtT6Kf5FUIa/lDUZbPOoe/H0/jQ5ROW DzIXImuioV2rskQvQVXMlKNVkaxLleStU84bBUwH+cCVNj5u9nWPQ7nLbptCzzG/ aL4t8MLAjkqJc/c3/a5fdqzveY0N21rkVceBeJuY5F+ejtPVCIUhqdIYzQXmZNst r5aEp1hvuyvFj00T/OT7otW52+cNnXwPOU/h/aT29S6ur9cP0mbvshMDhkESe5dv HjCRrBlkRlWQiS9u8SMwALLsI83Btk/UN5FNRe2rhtMD6O56B0RecZ14R/Uu6GEl IDRg72AwVq6NO0hFc+z9xoYrvLnmkD1mTq6HiNVbreFsOwyu/psKPwJsUpYJL+gS 5/u/Nh4XVnbK+MpXwpL22w3kzk8zoYazGmh+5B1DdevazjpKkXxj2l/MRxDEI/AE pYsgA2EwYpQeow6T69MjCuoiGK9EXSNs3bc6rsd/9WLvEedbGS2SnFYnHIO226cl OwENb/iR7hIm4JEB9pgLFRxvaWMOQVCuTDXKnnQkXPYNvUYUt4I9IZcURVDNlr+5 R4Tyq4x4MZg/D3Ho0YqS =K1+I -----END PGP SIGNATURE----- . ============================================================================ Ubuntu Security Notice USN-1524-1 August 08, 2012 webkit vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS Summary: Multiple security vulnerabilities were fixed in WebKit. Software Description: - webkit: Web content engine library for GTK+ Details: A large number of security issues were discovered in the WebKit browser and JavaScript engines. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: libjavascriptcoregtk-1.0-0 1.8.1-0ubuntu0.12.04.1 libjavascriptcoregtk-3.0-0 1.8.1-0ubuntu0.12.04.1 libwebkitgtk-1.0-0 1.8.1-0ubuntu0.12.04.1 libwebkitgtk-3.0-0 1.8.1-0ubuntu0.12.04.1 After a standard system update you need to restart your session to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1524-1 CVE-2011-3046, CVE-2011-3050, CVE-2011-3067, CVE-2011-3068, CVE-2011-3069, CVE-2011-3071, CVE-2011-3073, CVE-2011-3074, CVE-2011-3075, CVE-2011-3078, CVE-2012-0672, CVE-2012-3615, CVE-2012-3655, CVE-2012-3656, CVE-2012-3680, https://launchpad.net/bugs/1027283 Package Information: https://launchpad.net/ubuntu/+source/webkit/1.8.1-0ubuntu0.12.04.1 . This fixes multiple vulnerabilities, where some have unknown impacts while others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA48732 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48732/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48732 RELEASE DATE: 2012-04-06 DISCUSS ADVISORY: http://secunia.com/advisories/48732/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/48732/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=48732 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Google Chrome where some have unknown impacts while others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. 1) Two unspecified errors in Flash Player can be exploited to corrupt memory in the Chrome interface. 2) An out-of-bounds read error exists when handling Skia clipping. 3) An error exists within the cross-origin policy when handling iframe replacement. 4) A use-after-free error exists when handling run-ins. 5) A use-after-free error exists when handling line boxes. 6) A use-after-free error exits when handling v8 bindings. 7) A use-after-free error exits when handling HTMLMediaElement. 8) An error exists within the cross-origin policy when parenting pop-up windows. 9) A use-after-free error exists when handling SVG resources. 10) A use-after-free error exists when handling media content. 11) A use-after-free error exists when applying style commands. 12) A use-after-free error exists when handling focus events. 13) A read-after-free error exists within script bindings. SOLUTION: Update to version 18.0.1025.151. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 2, 4, 5, 11, 12) miaubiz 3, 8) Sergey Glazunov 6) SkyLined, Google Chrome Security Team 7) pa_kt via ZDI 9) Arthur Gerkis 10) Slawomir Blazek 13) Inferno, Google Chrome Security Team ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201204-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Chromium: Multiple vulnerabilities Date: April 10, 2012 Bugs: #410963 ID: 201204-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code. Background ========== Chromium is an open source web browser project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 18.0.1025.151 >= 18.0.1025.151 Description =========== Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact ====== A remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, a Denial of Service condition, or bypass of the same origin policy. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-18.0.1025.151" References ========== [ 1 ] CVE-2011-3066 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3066 [ 2 ] CVE-2011-3067 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3067 [ 3 ] CVE-2011-3068 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3068 [ 4 ] CVE-2011-3069 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3069 [ 5 ] CVE-2011-3070 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3070 [ 6 ] CVE-2011-3071 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3071 [ 7 ] CVE-2011-3072 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3072 [ 8 ] CVE-2011-3073 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3073 [ 9 ] CVE-2011-3074 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3074 [ 10 ] CVE-2011-3075 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3075 [ 11 ] CVE-2011-3076 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3076 [ 12 ] CVE-2011-3077 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3077 [ 13 ] Release Notes 18.0.1025.151 http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-= updates.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201204-03.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

resource management error

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

miaubiz, Sergey Glazunov, Google Chrome Security Team (SkyLined), pa_kt, Arthur Gerkis, Slawomir Blazek, and Google Chrome Security Team (Inferno).

SOURCES

LAST UPDATE DATE

2024-11-23T20:41:29.241000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE