BID:51041

Google Chrome Prior to 16.0.912.63 Multiple Security Vulnerabilities

Info

Google Chrome Prior to 16.0.912.63 Multiple Security Vulnerabilities

Bugtraq ID:	51041
Class:	Unknown
CVE:	CVE-2011-3903 CVE-2011-3904 CVE-2011-3906 CVE-2011-3907 CVE-2011-3908 CVE-2011-3909 CVE-2011-3910 CVE-2011-3911 CVE-2011-3912 CVE-2011-3913 CVE-2011-3914 CVE-2011-3915 CVE-2011-3916 CVE-2011-3917
Remote:	Yes
Local:	No
Published:	Dec 13 2011 12:00AM
Updated:	Mar 19 2015 09:34AM
Credit:	David Holloway, Google Chrome Security Team (Inferno), Aki Helin of OUSPG, Mitja Kolsek of ACROS Security, Google Chrome Security Team (scarybeasts), Chu, Google Chrome Security Team (Cris Neckar), Robert Swiecki of the Google Security Team, Arthur Gerkis,
Vulnerable:	Google Chrome 15.0.874 102 Google Chrome 9.0.597.94 Google Chrome 9.0.597.84 Google Chrome 9.0.597.107 Google Chrome 8.0.552.344 Google Chrome 8.0.552.310 Google Chrome 8.0.552.309 Google Chrome 8.0.552.308 Google Chrome 8.0.552.307 Google Chrome 8.0.552.306 Google Chrome 8.0.552.305 Google Chrome 8.0.552.304 Google Chrome 8.0.552.303 Google Chrome 8.0.552.302 Google Chrome 8.0.552.301 Google Chrome 8.0.552.300 Google Chrome 8.0.552.237 Google Chrome 8.0.552.226 Google Chrome 8.0.552.225 Google Chrome 8.0.552.224 Google Chrome 8.0.552.223 Google Chrome 8.0.552.222 Google Chrome 8.0.552.221 Google Chrome 8.0.552.220 Google Chrome 8.0.552.219 Google Chrome 8.0.552.218 Google Chrome 8.0.552.217 Google Chrome 8.0.552.216 Google Chrome 8.0.552.215 Google Chrome 8.0.552.214 Google Chrome 8.0.552.213 Google Chrome 8.0.552.212 Google Chrome 8.0.552.211 Google Chrome 8.0.552.210 Google Chrome 8.0.552.21 Google Chrome 8.0.552.209 Google Chrome 8.0.552.208 Google Chrome 8.0.552.207 Google Chrome 8.0.552.206 Google Chrome 8.0.552.205 Google Chrome 8.0.552.204 Google Chrome 8.0.552.203 Google Chrome 8.0.552.202 Google Chrome 8.0.552.201 Google Chrome 8.0.552.200 Google Chrome 8.0.552.20 Google Chrome 8.0.552.2 Google Chrome 8.0.552.19 Google Chrome 8.0.552.18 Google Chrome 8.0.552.17 Google Chrome 8.0.552.16 Google Chrome 8.0.552.15 Google Chrome 8.0.552.14 Google Chrome 8.0.552.13 Google Chrome 8.0.552.12 Google Chrome 8.0.552.11 Google Chrome 8.0.552.105 Google Chrome 8.0.552.104 Google Chrome 8.0.552.103 Google Chrome 8.0.552.102 Google Chrome 8.0.552.101 Google Chrome 8.0.552.100 Google Chrome 8.0.552.10 Google Chrome 8.0.552.1 Google Chrome 8.0.552.0 Google Chrome 8.0.551.1 Google Chrome 8.0.551.0 Google Chrome 8.0.550.0 Google Chrome 8.0.549.0 Google Chrome 16 Google Chrome 15.0.874.121 Google Chrome 15.0.874.120 Google Chrome 14.0.835.202 Google Chrome 14.0.835.186 Google Chrome 14.0.835.163 Google Chrome 14 Google Chrome 13.0.782.215 Google Chrome 13.0.782.112 Google Chrome 13.0.782.107 Google Chrome 13 Google Chrome 12.0.742.91 Google Chrome 12.0.742.112 Google Chrome 12.0.742.100 Google Chrome 12 Google Chrome 11.0.696.77 Google Chrome 11.0.696.71 Google Chrome 11.0.696.68 Google Chrome 11.0.696.65 Google Chrome 11.0.696.57 Google Chrome 11.0.696.43 Google Chrome 11.0.672.2 Google Chrome 11 Google Chrome 10.0.648.205 Google Chrome 10.0.648.205 Google Chrome 10.0.648.204 Google Chrome 10.0.648.133 Google Chrome 10.0.648.128 Google Chrome 10.0.648.127 Google Chrome 10.0.648.127 Google Chrome 10 Apple Safari 5.0.6 Apple Safari 4.1.2 for Windows Apple Safari 4.0.5 for Windows Apple Safari 4.0.5 Apple Safari 4.0.4 for Windows Apple Safari 4.0.4 Apple Safari 4.0.3 for Windows Apple Safari 4.0.3 Apple Safari 4.0.2 for Windows Apple Safari 4.0.2 Apple Safari 4.0.1 Apple Safari 3.2.3 for Windows Apple Safari 3.2.3 Apple Safari 5.1.1 for Windows Apple Safari 5.1.1 Apple Safari 5.1 for Windows Apple Safari 5.1 Apple Safari 5.0.6 for windows Apple Safari 5.0.5 for Windows Apple Safari 5.0.5 Apple Safari 5.0.4 for Windows Apple Safari 5.0.4 Apple Safari 5.0.3 for Windows Apple Safari 5.0.3 Apple Safari 5.0.2 for Windows Apple Safari 5.0.2 Apple Safari 5.0.1 for Windows Apple Safari 5.0.1 Apple Safari 5.0 for Windows Apple Safari 5.0 Apple Safari 4.1.3 for Windows Apple Safari 4.1.3 Apple Safari 4.1.2 Apple Safari 4.1.1 Apple Safari 4.1 Apple Safari 4.0 Beta Apple Safari 4.0 Apple Safari 4 for Windows Apple Safari 4 Beta Apple Safari 4 Apple iTunes 10.5.1 Apple iTunes 9.2.1 Apple iTunes 9.0.2 Apple iTunes 9.0.1 .8 Apple iTunes 9.0.1 Apple iTunes 9.0 Apple iTunes 9.2 Apple iTunes 9.1 Apple iTunes 8.2 Apple iTunes 8.1 Apple iTunes 8.0.2.20 Apple iTunes 8.0 Apple iTunes 10.6 Apple iTunes 10.5 Apple iTunes 10.2.2 Apple iTunes 10.2 Apple iTunes 10.1 Apple iTunes 10 Apple iPod Touch 0 Apple iPhone 0 Apple iPad 0 Apple iOS 4.2.1 Apple iOS 4.0.2 Apple iOS 4.0.1 Apple iOS 3.2.2 Apple iOS 3.2.1 Apple iOS 5.1.1 Apple iOS 5.1 Apple iOS 5.0.1 Apple iOS 5 Apple iOS 4.3.5 Apple iOS 4.3.4 Apple iOS 4.3.3 Apple iOS 4.3.2 Apple iOS 4.3.1 Apple iOS 4.3 Apple iOS 4.2.9 Apple iOS 4.2.8 Apple iOS 4.2.7 Apple iOS 4.2.6 Apple iOS 4.2.5 Apple iOS 4.2.10 Apple iOS 4.2 beta Apple iOS 4.2 Apple iOS 4.1 Apple iOS 4 Apple iOS 3.2 Apple iOS 3.1 Apple iOS 3.0 Apple iOS 2.1 Apple iOS 2.0

Not Vulnerable:	Google Chrome 16.0.912.63 Apple Safari 5.1.4 for Windows Apple Safari 5.1.4 Apple iTunes 10.6 Apple iOS 5.1

Discussion

Google Chrome Prior to 16.0.912.63 Multiple Security Vulnerabilities

Google Chrome is prone to multiple vulnerabilities.

Attackers can exploit these issues to execute arbitrary code, spoof content, or cause denial-of-service conditions; other attacks may also be possible.

Versions prior to Chrome 16.0.912.63 are vulnerable.

Exploit / POC

Google Chrome Prior to 16.0.912.63 Multiple Security Vulnerabilities

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Some of these issues may be trivial to exploit and will not require specific exploit code.

Solution / Fix

Google Chrome Prior to 16.0.912.63 Multiple Security Vulnerabilities

Solution:
Updates are available. Please see the references for more information.

Apple Safari 5.1.1

Apple Safari5.1.4LionManual.dmg
Safari for OS X Lion v10.7.3
http://www.apple.com/safari/download/

Apple Safari5.1.4SnowLeopardManual.dmg
Safari for Mac OS X v10.6.8
http://www.apple.com/safari/download/

Apple iTunes 10.5

Apple APPLE-SA-2012-03-07-1-iTunes64Setup.exe
For 64-bit Windows XP / Vista / Windows 7
http://www.apple.com/itunes/download/

Apple APPLE-SA-2012-03-07-1-iTunesSetup.exe
For Windows XP / Vista / Windows 7
http://www.apple.com/itunes/download/

Apple Safari 5.1

Apple Safari5.1.4LionManual.dmg
Safari for OS X Lion v10.7.3
http://www.apple.com/safari/download/

Apple Safari5.1.4SnowLeopardManual.dmg
Safari for Mac OS X v10.6.8
http://www.apple.com/safari/download/

Apple iTunes 10.6.1.7

Apple APPLE-SA-2012-09-12-1-iTunes64Setup.exe
For 64-bit Windows XP / Vista / Windows 7
http://www.apple.com/itunes/download/

Apple APPLE-SA-2012-09-12-1-iTunesSetup.exe
For Windows XP / Vista / Windows 7
http://www.apple.com/itunes/download/

Apple iTunes 10.5.1

Apple APPLE-SA-2012-03-07-1-iTunes64Setup.exe
For 64-bit Windows XP / Vista / Windows 7
http://www.apple.com/itunes/download/

Apple APPLE-SA-2012-03-07-1-iTunesSetup.exe
For Windows XP / Vista / Windows 7
http://www.apple.com/itunes/download/

Apple APPLE-SA-2012-09-12-1-iTunes64Setup.exe
For 64-bit Windows XP / Vista / Windows 7
http://www.apple.com/itunes/download/

Apple APPLE-SA-2012-09-12-1-iTunesSetup.exe
For Windows XP / Vista / Windows 7
http://www.apple.com/itunes/download/

References

Google Chrome Prior to 16.0.912.63 Multiple Security Vulnerabilities

References:

Google Chrome Homepage (Google)
16.0.912.63 Stable Channel Update (Google)
APPLE-SA-2012-09-12-1 iTunes 10.7 (Apple)