CVE-2011-3060
https://notcve.org/view.php?id=CVE-2011-3060
Google Chrome before 18.0.1025.142 does not properly handle text fragments, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. Las versiones de Google Chrome anteriores a v18.0.1025.142 no tratan correctamente los fragmentos de texto, lo que permite a atacantes remotos provocar una denegación de servicio por lectura fuera de límite (out-of-bound read) a través de vectores no especificados. • http://code.google.com/p/chromium/issues/detail?id=114056 http://googlechromereleases.blogspot.com/2012/03/stable-channel-release-and-beta-channel.html http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://secunia.com/advisories/48618 http://secunia.com/advisories/48691 http://secunia.com/advisories/48763 http://support& • CWE-125: Out-of-bounds Read •
CVE-2011-3063
https://notcve.org/view.php?id=CVE-2011-3063
Google Chrome before 18.0.1025.142 does not properly validate the renderer's navigation requests, which has unspecified impact and remote attack vectors. Google Chrome anterior a v18.0.1025.142 no valida correctamente las solicitudes del generador de solicitudes de navegción, lo cual tiene un impacto no especificado y vectores de ataque a remotos. • http://code.google.com/p/chromium/issues/detail?id=117417 http://googlechromereleases.blogspot.com/2012/03/stable-channel-release-and-beta-channel.html http://secunia.com/advisories/48618 http://secunia.com/advisories/48691 http://secunia.com/advisories/48763 http://www.securityfocus.com/bid/52762 http://www.securitytracker.com/id?1026877 https://exchange.xforce.ibmcloud.com/vulnerabilities/74413 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15226 • CWE-20: Improper Input Validation •
CVE-2011-3049
https://notcve.org/view.php?id=CVE-2011-3049
Google Chrome before 17.0.963.83 does not properly restrict the extension web request API, which allows remote attackers to cause a denial of service (disrupted system requests) via a crafted extension. Google Chrome antes de v17.0.963.83 no restringe adecuadamente la API de peticiones de extensión web, lo que permite a atacantes remotos provocar una denegación de servicio (interrupción de peticiones del sistema) a través de una extensión diseñada a mano para este fin. • http://code.google.com/p/chromium/issues/detail?id=108648 http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html http://osvdb.org/80295 http://secunia.com/advisories/48527 http://security.gentoo.org/glsa/glsa-201203-19.xml http://www.securityfocus.com/bid/52674 http://www.securitytracker.com/id?1026841 https://exchange.xforce.ibmcloud.com/vulnerabilities/74218 https://oval.cisecurity.org •
CVE-2012-1846
https://notcve.org/view.php?id=CVE-2012-1846
Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a sandboxed process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code." Google Chrome v17.0.963.66 y anteriores permite a atacantes remotos eludir el mecanismo de protección de sandbox, aprovechando el acceso a un proceso securizado, tal y como lo demuestró VUPEN durante una competición Pwn2Own en CanSecWest 2012. NOTA: el producto afectado será aclarado más adelante, no fue identificado por el investigador, quien declaró que "realmente no importa si se trata de código de terceros". • http://pwn2own.zerodayinitiative.com/status.html http://twitter.com/vupen/statuses/177576000761237505 http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees http://www.zdnet.com/blog/security/pwn2own-2012-google-chrome-browser-sandbox-first-to-fall/10588 https://exchange.xforce.ibmcloud.com/vulnerabilities/74324 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14940 • CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2011-3053
https://notcve.org/view.php?id=CVE-2011-3053
Use-after-free vulnerability in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to block splitting. Una vulnerabilidad de uso después de liberación en Google Chrome antes de v17.0.963.83 permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores relacionados con la división de bloques. • http://code.google.com/p/chromium/issues/detail?id=116746 http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html http://osvdb.org/80291 http://secunia.com/advisories/48512 http • CWE-416: Use After Free •