Debian Security Advisory DSA 2245-1 (chromium-browser)

Published: 2011-08-03 02:36:20
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Technical Details:
Several vulnerabilities were discovered in the Chromium browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-1292 Use-after-free vulnerability in the frame-loader implementation in Google Chrome allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. CVE-2011-1293 Use-after-free vulnerability in the HTMLCollection implementation in Google Chrome allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. CVE-2011-1440 Use-after-free vulnerability in Google Chrome allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets (CSS) token sequences. CVE-2011-1444 Race condition in the sandbox launcher implementation in Google Chrome on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. CVE-2011-1797 Google Chrome does not properly render tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a stale pointer. CVE-2011-1799 Google Chrome does not properly perform casts of variables during interaction with the WebKit engine, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. For the stable distribution (squeeze), these problems have been fixed in version 6.0.472.63~r59945-5+squeeze5. For the testing distribution (wheezy), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 11.0.696.68~r84545-1.

Recommendations:
We recommend that you upgrade your chromium-browser Linux Distribution Packages.

Summary:
The remote host is missing an update to chromium-browser announced via advisory DSA 2245-1.

Detection Type:
Linux Distribution Package

Solution Type:
Vendor Patch

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2011-1292
https://nvd.nist.gov/vuln/detail/CVE-2011-1293
https://nvd.nist.gov/vuln/detail/CVE-2011-1440
https://nvd.nist.gov/vuln/detail/CVE-2011-1444
https://nvd.nist.gov/vuln/detail/CVE-2011-1797
https://nvd.nist.gov/vuln/detail/CVE-2011-1799

References:

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202245-1

Search
Severity
High
CVSS Score
9.3

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.