Google Chrome up to 19.0.1084.51 PDF Functionality buffer overflow

VulDB: Google Chrome up to 19.0.1084.51 PDF Functionality buffer overflow

General

Google

scipID: 5453
Affected: Google Chrome up to 19.0.1084.51
Published: 05/23/2012 (Gynvael Coldwind & Mateusz Jurczyk)
Risk: critical
Entry: 91.2% complete
Created: 05/30/2012
Updated: 09/03/2012

Summary

A vulnerability was found in Google Chrome up to 19.0.1084.51 and classified as critical. This issue affects an unknown function of the component PDF Functionality. The manipulation with an unknown input leads to a buffer overflow vulnerability. Impacted is confidentiality, integrity, and availability.

The weakness was presented 05/23/2012 by Gynvael Coldwind & Mateusz Jurczyk with Google Security Team as 126337 as knowledge base article (Website). The advisory is shared for download at code.google.com. The public release was coordinated in cooperation with Google. The identification of this vulnerability is CVE-2011-3110 since 08/09/2011. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Technical details are unknown but a private exploit is available.

Upgrading to version 19.0.1084.52 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability. The vulnerability is also documented in the databases at OSVDB (82245) and Secunia (SA49277).