BID:51641

Google Chrome Prior to 16.0.912.77 Multiple Security Vulnerabilities

Info

Google Chrome Prior to 16.0.912.77 Multiple Security Vulnerabilities

Bugtraq ID:	51641
Class:	Unknown
CVE:	CVE-2011-3924 CVE-2011-3925 CVE-2011-3926 CVE-2011-3927 CVE-2011-3928
Remote:	Yes
Local:	No
Published:	Jan 23 2012 12:00AM
Updated:	Mar 19 2015 08:44AM
Credit:	Arthur Gerkis, Chamal de Silva, wushi of team509, and miaubiz.
Vulnerable:	Google Chrome 16.0.912 75 Google Chrome 15.0.874 102 Google Chrome 9.0.597.94 Google Chrome 9.0.597.84 Google Chrome 9.0.597.107 Google Chrome 8.0.552.344 Google Chrome 8.0.552.310 Google Chrome 8.0.552.309 Google Chrome 8.0.552.308 Google Chrome 8.0.552.307 Google Chrome 8.0.552.306 Google Chrome 8.0.552.305 Google Chrome 8.0.552.304 Google Chrome 8.0.552.303 Google Chrome 8.0.552.302 Google Chrome 8.0.552.301 Google Chrome 8.0.552.300 Google Chrome 8.0.552.237 Google Chrome 8.0.552.226 Google Chrome 8.0.552.225 Google Chrome 8.0.552.224 Google Chrome 8.0.552.223 Google Chrome 8.0.552.222 Google Chrome 8.0.552.221 Google Chrome 8.0.552.220 Google Chrome 8.0.552.219 Google Chrome 8.0.552.218 Google Chrome 8.0.552.217 Google Chrome 8.0.552.216 Google Chrome 8.0.552.215 Google Chrome 8.0.552.214 Google Chrome 8.0.552.213 Google Chrome 8.0.552.212 Google Chrome 8.0.552.211 Google Chrome 8.0.552.210 Google Chrome 8.0.552.21 Google Chrome 8.0.552.209 Google Chrome 8.0.552.208 Google Chrome 8.0.552.207 Google Chrome 8.0.552.206 Google Chrome 8.0.552.205 Google Chrome 8.0.552.204 Google Chrome 8.0.552.203 Google Chrome 8.0.552.202 Google Chrome 8.0.552.201 Google Chrome 8.0.552.200 Google Chrome 8.0.552.20 Google Chrome 8.0.552.2 Google Chrome 8.0.552.19 Google Chrome 8.0.552.18 Google Chrome 8.0.552.17 Google Chrome 8.0.552.16 Google Chrome 8.0.552.15 Google Chrome 8.0.552.14 Google Chrome 8.0.552.13 Google Chrome 8.0.552.12 Google Chrome 8.0.552.11 Google Chrome 8.0.552.105 Google Chrome 8.0.552.104 Google Chrome 8.0.552.103 Google Chrome 8.0.552.102 Google Chrome 8.0.552.101 Google Chrome 8.0.552.100 Google Chrome 8.0.552.10 Google Chrome 8.0.552.1 Google Chrome 8.0.552.0 Google Chrome 8.0.551.1 Google Chrome 8.0.551.0 Google Chrome 8.0.550.0 Google Chrome 8.0.549.0 Google Chrome 16.0.912.75 Google Chrome 16.0.912.63 Google Chrome 16 Google Chrome 15.0.874.121 Google Chrome 15.0.874.120 Google Chrome 14.0.835.202 Google Chrome 14.0.835.186 Google Chrome 14.0.835.163 Google Chrome 14 Google Chrome 13.0.782.215 Google Chrome 13.0.782.112 Google Chrome 13.0.782.107 Google Chrome 13 Google Chrome 12.0.742.91 Google Chrome 12.0.742.112 Google Chrome 12.0.742.100 Google Chrome 12 Google Chrome 11.0.696.77 Google Chrome 11.0.696.71 Google Chrome 11.0.696.68 Google Chrome 11.0.696.65 Google Chrome 11.0.696.57 Google Chrome 11.0.696.43 Google Chrome 11.0.672.2 Google Chrome 11 Google Chrome 10.0.648.205 Google Chrome 10.0.648.205 Google Chrome 10.0.648.204 Google Chrome 10.0.648.133 Google Chrome 10.0.648.128 Google Chrome 10.0.648.127 Google Chrome 10.0.648.127 Google Chrome 10 Gentoo Linux Apple Safari 5.0.6 Apple Safari 4.1.2 for Windows Apple Safari 4.0.5 for Windows Apple Safari 4.0.5 Apple Safari 4.0.4 for Windows Apple Safari 4.0.4 Apple Safari 4.0.3 for Windows Apple Safari 4.0.3 Apple Safari 4.0.2 for Windows Apple Safari 4.0.2 Apple Safari 4.0.1 Apple Safari 3.2.3 for Windows Apple Safari 3.2.3 Apple Safari 5.1.1 for Windows Apple Safari 5.1.1 Apple Safari 5.1 for Windows Apple Safari 5.1 Apple Safari 5.0.6 for windows Apple Safari 5.0.5 for Windows Apple Safari 5.0.5 Apple Safari 5.0.4 for Windows Apple Safari 5.0.4 Apple Safari 5.0.3 for Windows Apple Safari 5.0.3 Apple Safari 5.0.2 for Windows Apple Safari 5.0.2 Apple Safari 5.0.1 for Windows Apple Safari 5.0.1 Apple Safari 5.0 for Windows Apple Safari 5.0 Apple Safari 4.1.3 for Windows Apple Safari 4.1.3 Apple Safari 4.1.2 Apple Safari 4.1.1 Apple Safari 4.1 Apple Safari 4.0 Beta Apple Safari 4.0 Apple Safari 4 for Windows Apple Safari 4 Beta Apple Safari 4 Apple iTunes 10.6 Apple iTunes 10.5 Apple iTunes 10.2.2 Apple iTunes 10.2 Apple iOS 5.1.1 Apple iOS 5.1 Apple iOS 5.0.1 Apple iOS 5 Apple iOS 4.3.5 Apple iOS 4.3 Apple iOS 4.2 Apple iOS 4.1 Apple iOS 4 Apple iOS 3.2 Apple iOS 3.1 Apple iOS 3.0 Apple iOS 2.1 Apple iOS 2.0

Not Vulnerable:	Google Chrome 16.0.912.77 Apple Safari 5.1.4 for Windows Apple Safari 5.1.4

Discussion

Google Chrome Prior to 16.0.912.77 Multiple Security Vulnerabilities

Google Chrome is prone to multiple vulnerabilities.

Attackers can exploit these issues to execute arbitrary code in the context of the browser or cause denial-of-service conditions; other attacks may also be possible.

Versions prior to Chrome 16.0.912.77 are vulnerable.

Exploit / POC

Google Chrome Prior to 16.0.912.77 Multiple Security Vulnerabilities

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Google Chrome Prior to 16.0.912.77 Multiple Security Vulnerabilities

Solution:
Updates are available. Please see the references for more information.

Apple Safari 5.1.1

Apple APPLE-SA-2012-07-25-1-Safari_Setup.exe
http://www.apple.com/safari/download/

Apple Safari5.1.4LionManual.dmg
Safari for OS X Lion v10.7.3
http://www.apple.com/safari/download/

Apple Safari5.1.4SnowLeopardManual.dmg
Safari for Mac OS X v10.6.8
http://www.apple.com/safari/download/

Apple Safari 5.0.1

Apple APPLE-SA-2012-07-25-1-Safari_Setup.exe
http://www.apple.com/safari/download/

Apple Safari 5.0 for Windows

Apple APPLE-SA-2012-07-25-1-SafariSetup.exe
http://www.apple.com/safari/download/

Apple Safari 5.0.4 for Windows

Apple APPLE-SA-2012-07-25-1-SafariSetup.exe
http://www.apple.com/safari/download/

Apple Safari 5.1

Apple APPLE-SA-2012-07-25-1-Safari_Setup.exe
http://www.apple.com/safari/download/

Apple Safari5.1.4LionManual.dmg
Safari for OS X Lion v10.7.3
http://www.apple.com/safari/download/

Apple Safari5.1.4SnowLeopardManual.dmg
Safari for Mac OS X v10.6.8
http://www.apple.com/safari/download/

Apple Safari 5.0.2 for Windows

Apple APPLE-SA-2012-07-25-1-SafariSetup.exe
http://www.apple.com/safari/download/

Apple iTunes 10.6.1.7

Apple APPLE-SA-2012-09-12-1-iTunes64Setup.exe
For 64-bit Windows XP / Vista / Windows 7
http://www.apple.com/itunes/download/

Apple APPLE-SA-2012-09-12-1-iTunesSetup.exe
For Windows XP / Vista / Windows 7
http://www.apple.com/itunes/download/

Apple Safari 5.0.3 for Windows

Apple APPLE-SA-2012-07-25-1-SafariSetup.exe
http://www.apple.com/safari/download/

Apple Safari 5.0.3

Apple APPLE-SA-2012-07-25-1-Safari_Setup.exe
http://www.apple.com/safari/download/

Apple Safari 5.0.1 for Windows

Apple APPLE-SA-2012-07-25-1-SafariSetup.exe
http://www.apple.com/safari/download/

References

Google Chrome Prior to 16.0.912.77 Multiple Security Vulnerabilities

References:

16.0.912.77 Stable Channel Update (Google)
Google Chrome Homepage (Google)
APPLE-SA-2012-09-12-1 iTunes 10.7 (Apple)