Month: December 2011

The internationalization (aka i18n) functionality in Google V8, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bound… Continue reading CVE-2011-3914 (chrome)→

The Cascading Style Sheets (CSS) implementation in Google Chrome before 16.0.912.63 on 64-bit platforms does not properly manage property arrays, which allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors. Continue reading CVE-2011-3909 (chrome, iphone_os, itunes, safari)→

Google Chrome before 16.0.912.63 does not properly handle YUV video frames, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. Continue reading CVE-2011-3910 (chrome)→

Buffer overflow in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PDF fonts. Continue reading CVE-2011-3915 (chrome)→

The PDF parser in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. Continue reading CVE-2011-3906 (chrome)→

libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. Continue reading CVE-2011-3905 (chrome, debian_linux, enterprise_linux_desktop, enterprise_linux_server, enterprise_linux_server_eus, enterprise_linux_workstation)→

Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to bidirectional text (aka bidi) handling. Continue reading CVE-2011-3904 (chrome)→

The view-source feature in Google Chrome before 16.0.912.63 allows remote attackers to spoof the URL bar via unspecified vectors. Continue reading CVE-2011-3907 (chrome)→

Google Chrome before 16.0.912.63 does not properly perform regex matching, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. Continue reading CVE-2011-3903 (chrome)→

When it comes to designing secure protocols, I have a principle that goes like this: if you have to
perform any cryptographic operation before verifying the
MAC on a message you’ve received, it will
somehow inevitably lead to doom.

Continue reading The Cryptographic Doom Principle→