Details of VAR-201301-0067

ID

VAR-201301-0067

CVE

CVE-2012-5155

TITLE

Mac OS X Run on Google Chrome Vulnerable to access restrictions

Trust: 0.8

sources: JVNDB: JVNDB-2013-001105

DESCRIPTION

Google Chrome before 24.0.1312.52 on Mac OS X does not use an appropriate sandboxing approach for worker processes, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors. Google Chrome is prone to multiple vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the browser, bypass security restrictions, or cause denial-of-service conditions; other attacks may also be possible. Versions prior to Chrome 24.0.1312.52 are vulnerable. This BID is being retired. The following individual records exist to better document the issues: 59438 Google Chrome Extension Process CVE-2013-0831 Unspecified Security Vulnerability 59436 Google Chrome CVE-2013-0836 Denial of Service Vulnerability 59435 Google Chrome CVE-2013-0837 Denial of Service Vulnerability 59437 Google Chrome CVE-2013-0835 Geolocation Implementation Denial of Service Vulnerability 59431 Google Chrome CVE-2013-0829 Security Bypass Vulnerability 59433 Google Chrome CVE-2013-0838 Unspecified Security Vulnerability 59430 Google Chrome CVE-2013-0828 Denial of Service Vulnerability 59428 Google Chrome CVE-2013-0832 Use-After-Free Remote Code Execution Vulnerability 59421 Google Chrome CVE-2012-5155 Security Bypass Vulnerability 59426 Google Chrome CVE-2012-5157 Denial of Service Vulnerability 59427 Google Chrome CVE-2013-0833 Denial of Service Vulnerability 59429 Google Chrome CVE-2013-0834 Denial of Service Vulnerability 59425 Google Chrome CVE-2012-5153 Out of Bounds Denial of Service Vulnerability 59424 Google Chrome CVE-2012-5156 Use-After-Free Remote Code Execution Vulnerability 59423 Google Chrome CVE-2013-0830 Unspecified Security Vulnerability 59422 Google Chrome CVE-2012-5154 Integer Overflow Vulnerability 59420 Google Chrome CVE-2012-5152 Denial of Service Vulnerability 59414 Google Chrome CVE-2012-5146 Same Origin Policy Security Bypass Vulnerability 59413 Google Chrome CVE-2012-5148 Unspecified Security Vulnerability 59418 Google Chrome CVE-2012-5147 Use-After-Free Remote Code Execution Vulnerability 59416 Google Chrome CVE-2012-5145 Use-After-Free Remote Code Execution Vulnerability 59419 Google Chrome CVE-2012-5151 Integer Overflow Vulnerability 59415 Google Chrome CVE-2012-5149 Integer Overflow Vulnerability 59417 Google Chrome CVE-2012-5150 Use-After-Free Remote Code Execution Vulnerability. Note: This issue was previously covered in BID 57251 (Google Chrome Prior to 24.0.1312.52 Multiple Security Vulnerabilities) but has been given its own record for better documentation. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA51825 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51825/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51825 RELEASE DATE: 2013-01-11 DISCUSS ADVISORY: http://secunia.com/advisories/51825/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51825/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51825 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. 1) A buffer overflow vulnerability exists in the bundled version of Adobe Flash Player. For more information: SA51771 2) A use-after-free error exists when handling SVG layouts. 3) An error when handling URLs can be exploited to bypass the same origin policy. 4) A use-after-free error exists when handling certain DOM objects. 5) An unspecified error exists when handling certain filenames. 6) An integer overflow error exists when handling audio IPC. 7) A use-after-free error exists when seeking video. 8) An integer overflow error exists when handling JavaScript in PDF files. 9) An out-of-bounds read error exists when seeking video. 10) An out-of-bounds stack access error exists in v8. 11) An integer overflow error exists in shared memory allocation. NOTE: This vulnerability affects Windows only. 12) An unspecified error can be exploited to bypass the sandbox for worker processes. NOTE: This security issue affects Mac only. 13) A use-after-free error exists when handling certain fields in PDF files. 14) Some out-of-bounds read errors exist when handling images in PDF files. 15) A bad cast error exists in PDF root handling. 16) An unspecified error can be exploited to corrupt database metadata and access certain files. 17) A use-after-free error exists when printing. 18) An out-of-bounds read error exists when printing. 19) An out-of-bounds read error exists when handling glyph. 20) An unspecified error exists within v8 garbage collection. 21) An unspecified error exists within extension tab handling. SOLUTION: Upgrade to version 24.0.1312.52. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 2) Atte Kettunen, OUSPG 3) Erling A Ellingsen and Subodh Iyengar, Facebook 4) Jose A. Vazquez 5) Justin Schuh, Google Chrome Security Team 6, 11) Chris Evans, Google Chrome Security Team 7, 9) Inferno, Google Chrome Security Team 8, 13, 14, 15) Mateusz Jurczyk and Gynvael Coldwind, Google Security Team 10) Andreas Rossberg, Chromium development community 12) Julien Tinnes, Google Chrome Security Team 16) Juri Aedla, Google Chrome Security Team 17, 18, 19, 20) Cris Neckar, Google Chrome Security Team 21) Tom Nielsen ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.43

sources: NVD: CVE-2012-5155 // JVNDB: JVNDB-2013-001105 // BID: 57251 // BID: 59421 // VULHUB: VHN-58436 // VULMON: CVE-2012-5155 // PACKETSTORM: 119495

AFFECTED PRODUCTS

vendor:	google	model:	chrome	scope:	eq	version:	24.0.1305.4	Trust: 1.6
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1306.0	Trust: 1.6
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1310.0	Trust: 1.6
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1305.1	Trust: 1.6
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1307.0	Trust: 1.6
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1305.2	Trust: 1.6
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1305.3	Trust: 1.6
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1311.1	Trust: 1.6
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1306.1	Trust: 1.6
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1305.0	Trust: 1.6
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.25	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.7	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.5	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.42	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1289.1	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.18	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1287.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1303.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1304.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.34	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.36	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1296.1	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1283.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1284.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1272.1	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.24	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1298.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.49	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1281.1	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.12	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.16	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.14	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1281.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1292.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1297.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.13	Trust: 1.0
vendor:	google	model:	chrome	scope:	lte	version:	24.0.1312.51	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.31	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1276.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.37	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1276.1	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1280.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.23	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1290.2	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1294.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1301.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1281.3	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.40	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.10	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1285.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.4	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.20	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1290.1	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.46	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.29	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1286.1	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1285.2	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1274.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1290.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1291.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.32	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.21	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1308.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1311.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.27	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.41	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1278.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.15	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1272.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1291.1	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.26	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1293.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.39	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1286.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1304.1	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.48	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.33	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.6	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.17	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1301.2	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1287.1	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.50	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1296.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1281.2	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.2	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1277.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1282.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1275.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.30	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1300.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.38	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1292.1	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1289.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1273.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.47	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.28	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1301.1	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.44	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1279.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1285.1	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.35	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1307.1	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1309.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.9	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.19	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1288.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.45	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.8	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.22	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.11	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1284.2	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1298.1	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1302.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1288.1	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.1	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.43	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1295.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.3	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1284.1	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1299.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	24.0.1312.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	lt	version:	24.0.1312.52	Trust: 0.8
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.220	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.101	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	17.0.963.83	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	9.0.597.94	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	3.0.195.21	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	5.0.375127	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	12.0.742.100	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	11.0.696.57	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	4.1.249.1042	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	19.0.1084.21	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.223	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.81	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	1.0.154.55	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	1.0.154.46	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.303	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	1.0.154.59	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	18.0.1025.168	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	5.0.375.70	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	1.0.154.36	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.20	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	11.0.696.43	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	1.0.154.53	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.300	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.49	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	3.0.195.32	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	16.0.912.75	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	17.0.963.60	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.203	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.105	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.10	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.211	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.18	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	6.0.47255	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	13	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	20.0.1132.43	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.221	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	23.0.1271.64	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	19.0.1084.52	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.104	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.12	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.213	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.306	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.102	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	10.0.648.204	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	3.0.195.38	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.307	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	5.0.375125	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.551.0	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.208	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	10.0.648.128	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.19	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	0.2.149.27	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.301	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	2.0.172.43	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.89	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.0	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.1	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.14	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.15	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.205	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.16	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	4.1.2491064	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.17	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.204	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.222	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.215	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	3.0.195.33	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	10.0.648.127	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	11.0.696.65	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	23.0.1271.97	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	1.0.154.65	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.225	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	3.0.195.24	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.21	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	18.0.1025.142	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.79	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	9.0.597.107	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.302	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.219	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.310	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	5.0.375.55	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	17.0.96379	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	2.0.172.33	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.218	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.217	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.224	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.103	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	12.0.742.112	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	11.0.696.71	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	23.0.1271.91	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	7.0.548.0	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	6.0.472.59	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	6.0.472.62	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	5.0.37599	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.13	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	12.0.742.91	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	17.0.963.78	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	0.3.1549	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	1.0.154.61	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.308	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	9.0.597.84	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.210	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.550.0	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.82	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	17.0.963.56	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.50	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	2.0.172.37	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	4.0.249.89	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	15.0.874.120	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.94	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	13.0.782.107	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	14	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	11.0.696.77	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.309	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.214	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	20.0.1132.57	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	16	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.209	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	0.2.149.30	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.202	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.226	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.551.1	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.60	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	17.0.96365	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	4.1.249.1045	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	20.0.1132.23	Trust: 0.6
vendor:	google	model:	chrome beta	scope:	eq	version:	3.0	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	19	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.92	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	4.0.249.78	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.201	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	2.0.172.31	Trust: 0.6
vendor:	google	model:	chrome	scope:	ne	version:	24.0.1312.52	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.11	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	11.0.696.68	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	11.0.672.2	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	7.0.517.43	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	15.0.874.121	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	12	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	14.0.835.163	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.549.0	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	7.0.517.44	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	10	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	16.0.912.77	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.304	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.2	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	18.0.1025.151	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.83	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	18.0.1025.162	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.207	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	23.0.1271.95	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	13.0.782.112	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.212	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.305	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	11	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.216	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.237	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.344	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	6.0.472.53	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	7.0.517.41	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	15.0.874102	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.206	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	10.0.648.133	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.79	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	13.0.782.215	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	10.0.648.205	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.200	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	14.0.835.186	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	1.0.154.64	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	4.0.211.0	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	17.0.963.46	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	21.0.1180.75	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	5.0.37586	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	16.0.912.63	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	4.1.2491059	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	4.1.2491036	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	0.2.149.29	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	14.0.835.202	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	2.0.172.30	Trust: 0.6
vendor:	google	model:	chrome	scope:	eq	version:	16.0.91275	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.100	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	1.0.154.48	Trust: 0.3

sources: BID: 57251 // BID: 59421 // JVNDB: JVNDB-2013-001105 // CNNVD: CNNVD-201301-235 // NVD: CVE-2012-5155

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-5155
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-5155
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201301-235
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-58436
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2012-5155
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-5155
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-58436
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-58436 // VULMON: CVE-2012-5155 // JVNDB: JVNDB-2013-001105 // CNNVD: CNNVD-201301-235 // NVD: CVE-2012-5155

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-58436 // JVNDB: JVNDB-2013-001105 // NVD: CVE-2012-5155

THREAT TYPE

network

Trust: 0.6

sources: BID: 57251 // BID: 59421

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201301-235

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-001105

PATCH

title:	Google Chrome	url:	http://www.google.co.jp/chrome/intl/ja/landing_ff_yt.html?hl=ja&hl=ja	Trust: 0.8
title:	Stable Channel Update	url:	http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html	Trust: 0.8

sources: JVNDB: JVNDB-2013-001105

EXTERNAL IDS

db:	NVD	id:	CVE-2012-5155	Trust: 2.9
db:	BID	id:	57251	Trust: 0.9
db:	JVNDB	id:	JVNDB-2013-001105	Trust: 0.8
db:	CNNVD	id:	CNNVD-201301-235	Trust: 0.7
db:	SECUNIA	id:	51825	Trust: 0.7
db:	BID	id:	59421	Trust: 0.5
db:	VULHUB	id:	VHN-58436	Trust: 0.1
db:	VULMON	id:	CVE-2012-5155	Trust: 0.1
db:	PACKETSTORM	id:	119495	Trust: 0.1

sources: VULHUB: VHN-58436 // VULMON: CVE-2012-5155 // BID: 57251 // BID: 59421 // JVNDB: JVNDB-2013-001105 // PACKETSTORM: 119495 // CNNVD: CNNVD-201301-235 // NVD: CVE-2012-5155

REFERENCES

url:	http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html	Trust: 2.5
url:	https://code.google.com/p/chromium/issues/detail?id=163208	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5155	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5155	Trust: 0.8
url:	http://www.google.com/chrome	Trust: 0.6
url:	http://secunia.com/advisories/51825	Trust: 0.6
url:	http://www.securityfocus.com/bid/57251	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/264.html	Trust: 0.1
url:	https://www.securityfocus.com/bid/59421	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.rapid7.com/db/vulnerabilities/google-chrome-cve-2012-5155	Trust: 0.1
url:	http://secunia.com/advisories/51825/	Trust: 0.1
url:	http://secunia.com/vulnerability_intelligence/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=51825	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/advisories/51825/#comments	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/blog/325/	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

CREDITS

Atte Kettunen of OUSPG, Jos?? A. V??zquez, Justin Schuh, Chris Evans, Google Chrome Security Team (Inferno), Julien Tinnes, Mateusz Jurczyk, Gynvael Coldwind, Andreas Rossberg of the Chromium development community, Erling A Ellingsen and Subodh Iyenger of

Trust: 0.6

sources: CNNVD: CNNVD-201301-235

SOURCES

db:	VULHUB	id:	VHN-58436
db:	VULMON	id:	CVE-2012-5155
db:	BID	id:	57251
db:	BID	id:	59421
db:	JVNDB	id:	JVNDB-2013-001105
db:	PACKETSTORM	id:	119495
db:	CNNVD	id:	CNNVD-201301-235
db:	NVD	id:	CVE-2012-5155

LAST UPDATE DATE

2025-04-11T21:15:36.956000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-58436	date:	2013-01-16T00:00:00
db:	VULMON	id:	CVE-2012-5155	date:	2013-01-16T00:00:00
db:	BID	id:	57251	date:	2015-04-13T22:14:00
db:	BID	id:	59421	date:	2013-01-10T00:00:00
db:	JVNDB	id:	JVNDB-2013-001105	date:	2013-01-17T00:00:00
db:	CNNVD	id:	CNNVD-201301-235	date:	2013-01-16T00:00:00
db:	NVD	id:	CVE-2012-5155	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-58436	date:	2013-01-15T00:00:00
db:	VULMON	id:	CVE-2012-5155	date:	2013-01-15T00:00:00
db:	BID	id:	57251	date:	2013-01-10T00:00:00
db:	BID	id:	59421	date:	2013-01-10T00:00:00
db:	JVNDB	id:	JVNDB-2013-001105	date:	2013-01-17T00:00:00
db:	PACKETSTORM	id:	119495	date:	2013-01-12T08:40:04
db:	CNNVD	id:	CNNVD-201301-235	date:	2013-01-15T00:00:00
db:	NVD	id:	CVE-2012-5155	date:	2013-01-15T21:55:01.760