7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.069 Low
EPSS
Percentile
94.0%
Versions of Google Chrome earlier than 15.0.874.120 are affected by multiple vulnerabilities :
A double-free error exists in the Theora decoder. (CVE-2011-3892)
Out-of-bounds read errors exist in the MVK and Vorbis media handlers. (CVE-2011-3892)
A memory corruption error exists in the VP8 decoding. (CVE-2011-3894)
A heap overflow error exists in the Vorbis decoder. (CVE-2011-3895)
A buffer overflow error exists in the shader variable mapping functionality. (CVE-2011-3896)
A use-after-free error exists related to unspecified editing. (CVE-2011-3897)
In JRE7, applets are allowed to run without the proper permissions. (CVE-2011-3898)
Binary data 800938.prm
googlechromereleases.blogspot.com/2011/11/stable-channel-update.html
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3892
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3893
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3894
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3895
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3896
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3897
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3898