OSVDB ID: 76561

Title: Google Chrome Use-after-free Video Source Handling Remote Code Execution

Info

Disclosure

Oct 25, 2011

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Oct 25, 2011

Description

Classification

Location: Remote / Network Access, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Private
Disclosure: Vendor Verified, Coordinated Disclosure
OSVDB: Web Related

Solution

Upgrade to version 15.0.874.102 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Google, Inc.

Chrome

14.0.835.202

References

OVAL ID: 12286
CVE ID: 2011-3890 (see also: NVD)
Secunia Advisory ID: 46594 46636 46974
Bugtraq ID: 50360
Related OSVDB ID: 76545 76546 76547 76548 76549 76550 76551 76552 76553 76554 76555 76556 76557 76558 76559 76560 76562
Vendor Specific News/Changelog Entry: http://code.google.com/p/chromium/issues/detail?id=99553
http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
http://www.gentoo.org/security/en/glsa/glsa-201111-01.xml
http://www.srware.net/forum/viewtopic.php?f=18&t=2753

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/76561