ID

VAR-201112-0051

CVE

CVE-2011-3913

TITLE

Used in multiple products Webkit Service disruption in (DoS) Vulnerabilities

DESCRIPTION

Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to Range handling. This vulnerability Webkit Vulnerability in Google Chrome Other than Webkit Products that use may also be affected.Service disruption by a third party (DoS) You may be put into a state or affected by other details. Google Chrome is prone to multiple vulnerabilities. Attackers can exploit these issues to execute arbitrary code, spoof content, or cause denial-of-service conditions; other attacks may also be possible. Versions prior to Chrome 16.0.912.63 are vulnerable. Google Chrome is a web browser developed by Google (Google). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201201-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Chromium, V8: Multiple vulnerabilities Date: January 08, 2012 Bugs: #394587, #397907 ID: 201201-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. Background ========== Chromium is an open source web browser project. V8 is Google's open source JavaScript engine. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 16.0.912.75 >= 16.0.912.75 2 dev-lang/v8 < 3.6.6.11 >= 3.6.6.11 ------------------------------------------------------------------- 2 affected packages ------------------------------------------------------------------- Description =========== Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact ====== A context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process, or a Denial of Service condition. The attacker could also perform URL bar spoofing. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-16.0.912.75" All V8 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.6.6.11" References ========== [ 1 ] CVE-2011-3903 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3903 [ 2 ] CVE-2011-3904 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3904 [ 3 ] CVE-2011-3906 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3906 [ 4 ] CVE-2011-3907 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3907 [ 5 ] CVE-2011-3908 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3908 [ 6 ] CVE-2011-3909 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3909 [ 7 ] CVE-2011-3910 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3910 [ 8 ] CVE-2011-3912 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3912 [ 9 ] CVE-2011-3913 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3913 [ 10 ] CVE-2011-3914 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3914 [ 11 ] CVE-2011-3917 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3917 [ 12 ] CVE-2011-3921 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3921 [ 13 ] CVE-2011-3922 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3922 [ 14 ] Release Notes 16.0.912.63 http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html [ 15 ] Release Notes 16.0.912.75 http://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201201-03.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

resource management error

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

David Holloway, Google Chrome Security Team (Inferno), Aki Helin of OUSPG, Mitja Kolsek of ACROS Security, Google Chrome Security Team (scarybeasts), Chu, Google Chrome Security Team (Cris Neckar), Robert Swiecki of the Google Security Team, Arthur Gerkis,

SOURCES

LAST UPDATE DATE

2025-04-11T21:38:49.512000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE