VulDB: Google Chrome 18.0.1025.142 v8 Bindings unknown vulnerability
General
scipID: 5058
Affected: Google Chrome 18.0.1025.142
Published: 04/05/2012
Risk: 
problematic
Entry: 78% complete
Created: 04/12/2012
Updated: 09/03/2012
Summary
A vulnerability classified as problematic has been found in Google Chrome 18.0.1025.142. Affected is an unknown function of the component v8 Bindings. The impact remains unknown.
The weakness was presented 04/05/2012. The advisory is shared for download at code.google.com. The public release was coordinated in cooperation with the vendor. This vulnerability is traded as CVE-2011-3070 since 08/09/2011. Technical details are unknown but a private exploit is available.
Upgrading to version 18.0.1025.151 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability. The vulnerability is also documented in the databases at OSVDB (81040) and Secunia (SA48732). Further details are available at googlechromereleases.blogspot.com.CVSS
Base Score: 4.9 (CVSS2#AV:A/AC:M/Au:S/C:P/I:P/A:P) [?]
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Local | High | Multiple | None | None | None |
| Adjacent | Medium | Single | Partial | Partial | Partial |
| Network | Low | None | Complete | Complete | Complete |
Exploiting
Local: Yes
Remote: No
Availability: Yes
Access: Private
Countermeasures
Recommended: Upgrade
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known
Upgrade: Chrome 18.0.1025.151
Timeline
08/09/2011 | CVE assigned
04/05/2012 | Advisory disclosed
04/05/2012 | Countermeasure disclosed
04/12/2012 | OSVDB entry created
04/12/2012 | VulDB entry created
09/03/2012 | VulDB entry updated
Sources
Advisory: code.google.com
Coordinated: Yes
OSVDB: 81040
CVE: CVE-2011-3070 (mitre.org) (nist.org) (cvedetails.com)
Secunia: 48732
Misc.: googlechromereleases.blogspot.com
- Latest Entries
- Google Android Input Validation Handler Information Disclosure
- Avira AntiVir PDF Scanner Engine Denial of Service [CVE-2013-4602]
- Medical Devices Authentication schwache Authentisierung
- Apache Qpid SSL Handler Fehlkonfiguration [CVE-2013-1909]
- IBM Notes Multi User Profile Cleanup Service erweiterte Rechte
- Statistics
- Archive
