{"vuid":"VU#258423","idnumber":"258423","name":"Google Chrome multiple vulnerabilities","keywords":["FOE","google","chrome"],"overview":"Google Chrome contains multiple vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.","clean_desc":"Google Chrome stable channel versions prior to 8.0.552.237 contain multiple memory corruption vulnerabilities. These vulnerabilities include a stack corruption vulnerability in the PDF renderer component, two memory corruption vulnerabilities in the Vorbis decoder, and a video frame size error resulting in a bad memory access. The full list of security fixes can be found in the release notes.","impact":"By convincing a user to view a specially crafted HTML document, PDF file, or video file, an attacker can cause the application to crash or possibly execute arbitrary code.","resolution":"Apply an Update Update to version 8.0.552.237 or later. In most cases, this will happen automatically.","workarounds":"","sysaffected":"","thanks":"Bug 67208 was reported by Jared Allar of the CERT/CC and bugs 67303 and 68115 were reported by David Warren of the CERT/CC. See \nGoogle's release notes\n for full credits.","author":"This document was written by Jared Allar and David Warren.","public":["http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html","http://build.chromium.org/f/chromium/perf/dashboard/ui/changelog.html?url=/branches/552/src&range=70801:68599&mode=html","http://code.google.com/p/chromium/issues/detail?id=67208","http://code.google.com/p/chromium/issues/detail?id=67303","http://code.google.com/p/chromium/issues/detail?id=68115"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2011-01-13T13:13:42Z","publicdate":"2011-01-12T00:00:00Z","datefirstpublished":"2011-01-13T14:25:20Z","dateupdated":"2012-03-28T15:24:46Z","revision":22,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"11","cam_exploitation":"0","cam_internetinfrastructure":"8","cam_population":"15","cam_impact":"11","cam_easeofexploitation":"7","cam_attackeraccessrequired":"8","cam_scorecurrent":"3.29175","cam_scorecurrentwidelyknown":"4.851","cam_scorecurrentwidelyknownexploited":"8.316","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"P","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"ND","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"9","cvss_basevector":"AV:N/AC:M/Au:N/C:C/I:C/A:P","cvss_temporalscore":"7","cvss_environmentalscore":"7","cvss_environmentalvector":"CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND","metric":3.29175,"vulnote":null}