PROBLEM:
Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code
PLATFORM:
Prior to 18.0.1025.168
ABSTRACT:
Several vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system
reference LINKS:
SecurityTracker Alert ID: 1027001
CVE-2011-3078
CVE-2011-3079
CVE-2011-3080
IMPACT ASSESSMENT:
High
Discussion:
A remote user can create specially crafted content that, when loaded by the target user, will trigger a use-after-free, validation error, or race condition and execute arbitrary code on the target system. The code will run with the privileges of the target user. A use-after-free may occur in floats handling. An IPC validation failure may occur. A race condition may occur in sandbox IPC. A use-after-free may occur in floats handling [CVE-2011-3081]. A use-after-free may occur in the xml parser [CVE-2012-1521].
Impact:
A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.