ID CVE-2012-2868
Summary Race condition in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving improper interaction between worker processes and an XMLHttpRequest (aka XHR) object.
References
Vulnerable Configurations
  • OpenSUSE 12.1
    cpe:2.3:o:opensuse:opensuse:12.1
  • OpenSUSE 12.2
    cpe:2.3:o:opensuse:opensuse:12.2
  • Google Chrome 21.0.1180.0
    cpe:2.3:a:google:chrome:21.0.1180.0
  • Google Chrome 21.0.1180.1
    cpe:2.3:a:google:chrome:21.0.1180.1
  • Google Chrome 21.0.1180.2
    cpe:2.3:a:google:chrome:21.0.1180.2
  • Google Chrome 21.0.1180.31
    cpe:2.3:a:google:chrome:21.0.1180.31
  • Google Chrome 21.0.1180.32
    cpe:2.3:a:google:chrome:21.0.1180.32
  • Google Chrome 21.0.1180.33
    cpe:2.3:a:google:chrome:21.0.1180.33
  • Google Chrome 21.0.1180.34
    cpe:2.3:a:google:chrome:21.0.1180.34
  • Google Chrome 21.0.1180.35
    cpe:2.3:a:google:chrome:21.0.1180.35
  • Google Chrome 21.0.1180.36
    cpe:2.3:a:google:chrome:21.0.1180.36
  • Google Chrome 21.0.1180.37
    cpe:2.3:a:google:chrome:21.0.1180.37
  • Google Chrome 21.0.1180.38
    cpe:2.3:a:google:chrome:21.0.1180.38
  • Google Chrome 21.0.1180.39
    cpe:2.3:a:google:chrome:21.0.1180.39
  • Google Chrome 21.0.1180.41
    cpe:2.3:a:google:chrome:21.0.1180.41
  • Google Chrome 21.0.1180.46
    cpe:2.3:a:google:chrome:21.0.1180.46
  • Google Chrome 21.0.1180.47
    cpe:2.3:a:google:chrome:21.0.1180.47
  • Google Chrome 21.0.1180.48
    cpe:2.3:a:google:chrome:21.0.1180.48
  • Google Chrome 21.0.1180.49
    cpe:2.3:a:google:chrome:21.0.1180.49
  • Google Chrome 21.0.1180.50
    cpe:2.3:a:google:chrome:21.0.1180.50
  • Google Chrome 21.0.1180.51
    cpe:2.3:a:google:chrome:21.0.1180.51
  • Google Chrome 21.0.1180.52
    cpe:2.3:a:google:chrome:21.0.1180.52
  • Google Chrome 21.0.1180.53
    cpe:2.3:a:google:chrome:21.0.1180.53
  • Google Chrome 21.0.1180.54
    cpe:2.3:a:google:chrome:21.0.1180.54
  • Google Chrome 21.0.1180.55
    cpe:2.3:a:google:chrome:21.0.1180.55
  • Google Chrome 21.0.1180.56
    cpe:2.3:a:google:chrome:21.0.1180.56
  • Google Chrome 21.0.1180.57
    cpe:2.3:a:google:chrome:21.0.1180.57
  • Google Chrome 21.0.1180.59
    cpe:2.3:a:google:chrome:21.0.1180.59
  • Google Chrome 21.0.1180.60
    cpe:2.3:a:google:chrome:21.0.1180.60
  • Google Chrome 21.0.1180.61
    cpe:2.3:a:google:chrome:21.0.1180.61
  • Google Chrome 21.0.1180.62
    cpe:2.3:a:google:chrome:21.0.1180.62
  • Google Chrome 21.0.1180.63
    cpe:2.3:a:google:chrome:21.0.1180.63
  • Google Chrome 21.0.1180.64
    cpe:2.3:a:google:chrome:21.0.1180.64
  • Google Chrome 21.0.1180.68
    cpe:2.3:a:google:chrome:21.0.1180.68
  • Google Chrome 21.0.1180.69
    cpe:2.3:a:google:chrome:21.0.1180.69
  • Google Chrome 21.0.1180.70
    cpe:2.3:a:google:chrome:21.0.1180.70
  • Google Chrome 21.0.1180.71
    cpe:2.3:a:google:chrome:21.0.1180.71
  • Google Chrome 21.0.1180.72
    cpe:2.3:a:google:chrome:21.0.1180.72
  • Google Chrome 21.0.1180.73
    cpe:2.3:a:google:chrome:21.0.1180.73
  • Google Chrome 21.0.1180.74
    cpe:2.3:a:google:chrome:21.0.1180.74
  • Google Chrome 21.0.1180.75
    cpe:2.3:a:google:chrome:21.0.1180.75
  • Google Chrome 21.0.1180.76
    cpe:2.3:a:google:chrome:21.0.1180.76
  • Google Chrome 21.0.1180.77
    cpe:2.3:a:google:chrome:21.0.1180.77
  • Google Chrome 21.0.1180.78
    cpe:2.3:a:google:chrome:21.0.1180.78
  • Google Chrome 21.0.1180.79
    cpe:2.3:a:google:chrome:21.0.1180.79
  • Google Chrome 21.0.1180.80
    cpe:2.3:a:google:chrome:21.0.1180.80
  • Google Chrome 21.0.1180.81
    cpe:2.3:a:google:chrome:21.0.1180.81
  • Google Chrome 21.0.1180.82
    cpe:2.3:a:google:chrome:21.0.1180.82
  • Google Chrome 21.0.1180.83
    cpe:2.3:a:google:chrome:21.0.1180.83
  • Google Chrome 21.0.1180.84
    cpe:2.3:a:google:chrome:21.0.1180.84
  • Google Chrome 21.0.1180.85
    cpe:2.3:a:google:chrome:21.0.1180.85
  • Google Chrome 21.0.1180.86
    cpe:2.3:a:google:chrome:21.0.1180.86
  • Google Chrome 21.0.1180.87
    cpe:2.3:a:google:chrome:21.0.1180.87
  • Google Chrome 21.0.1180.88
    cpe:2.3:a:google:chrome:21.0.1180.88
CVSS
Base: 6.8 (as of 29-09-2016 - 11:21)
Impact:
Exploitability:
CWE CWE-362
CAPEC
  • Leveraging Race Conditions
    This attack targets a race condition that occurs when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the accesses take place. The attacker can leverage a race condition by "running the race", modifying the resource and altering the normal execution flow. For instance, a race condition can occur while accessing a file: the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) of a resource and the time of use of that resource. The typical example is file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
Access
  • Vector NETWORK
  • Complexity MEDIUM
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
nessus via4
  • NASL family Windows
    NASL id GOOGLE_CHROME_21_0_1180_89.NASL
    description The version of Google Chrome installed on the remote host is earlier than 21.0.1180.89 and is, therefore, affected by the following vulnerabilities:
      - An out-of-bounds read error exists related to line-breaking. (CVE-2012-2865)
      - Variable casting errors exist related to 'run-ins' and XSL transformations. (CVE-2012-2866, CVE-2012-2871)
      - An unspecified error exists related to the SPDY protocol that can result in application crashes. (CVE-2012-2867)
      - An unspecified race condition exists related to 'workers' and XHR. (CVE-2012-2868)
      - An unspecified error exists related to stale buffers and URL loading. (CVE-2012-2869)
      - Memory management issues exist related to XPath processing. (CVE-2012-2870)
      - Cross-site scripting is possible during the SSL interstitial process. (CVE-2012-2872)
      Successful exploitation of any of these issues could lead to an application crash or arbitrary code execution, subject to the user's privileges.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 61774
    published 2012-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61774
    title Google Chrome < 21.0.1180.89 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-619.NASL
    description Chromium was updated to 21.0.1180.88 to fix various bugs and security issues. Security fixes and rewards: Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
      - [$500] [121347] Medium CVE-2012-2865: Out-of-bounds read in line breaking. Credit to miaubiz.
      - [$1000] [134897] High CVE-2012-2866: Bad cast with run-ins. Credit to miaubiz.
      - [135485] Low CVE-2012-2867: Browser crash with SPDY.
      - [$500] [136881] Medium CVE-2012-2868: Race condition with workers and XHR. Credit to miaubiz.
      - [137778] High CVE-2012-2869: Avoid stale buffer in URL loading. Credit to Fermin Serna of the Google Security Team.
      - [138672] [140368] Low CVE-2012-2870: Lower severity memory management issues in XPath. Credit to Nicolas Gregoire.
      - [$1000] [138673] High CVE-2012-2871: Bad cast in XSL transforms. Credit to Nicolas Gregoire.
      - [$500] [142956] Medium CVE-2012-2872: XSS in SSL interstitial. Credit to Emmanuel Bronshtein.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 74759
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74759
    title openSUSE Security Update : chromium (openSUSE-SU-2012:1215-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201210-07.NASL
    description The remote host is affected by the vulnerability described in GLSA-201210-07 (Chromium: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, arbitrary file write, a Denial of Service condition, Cross-Site Scripting in SSL interstitial and various Universal Cross-Site Scripting attacks. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 62652
    published 2012-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62652
    title GLSA-201210-07 : Chromium: Multiple vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_EE68923DF2F511E1801400262D5ED8EE.NASL
    description Google Chrome Releases reports:
      - [121347] Medium CVE-2012-2865: Out-of-bounds read in line breaking. Credit to miaubiz.
      - [134897] High CVE-2012-2866: Bad cast with run-ins. Credit to miaubiz.
      - [135485] Low CVE-2012-2867: Browser crash with SPDY.
      - [136881] Medium CVE-2012-2868: Race condition with workers and XHR. Credit to miaubiz.
      - [137778] High CVE-2012-2869: Avoid stale buffer in URL loading. Credit to Fermin Serna of the Google Security Team.
      - [138672] [140368] Low CVE-2012-2870: Lower severity memory management issues in XPath. Credit to Nicolas Gregoire.
      - [138673] High CVE-2012-2871: Bad cast in XSL transforms. Credit to Nicolas Gregoire.
      - [142956] Medium CVE-2012-2872: XSS in SSL interstitial. Credit to Emmanuel Bronshtein.
    last seen 2019-02-21
    modified 2013-06-22
    plugin id 61744
    published 2012-08-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61744
    title FreeBSD : chromium -- multiple vulnerabilities (ee68923d-f2f5-11e1-8014-00262d5ed8ee)
oval via4
accepted 2013-08-12T04:08:03.804-04:00
class vulnerability
contributors
  • name Shane Shaffer
    organization G2, Inc.
  • name Shane Shaffer
    organization G2, Inc.
  • name Maria Kedovskaya
    organization ALTX-SOFT
definition_extensions
comment Google Chrome is installed
oval oval:org.mitre.oval:def:11914
description Race condition in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving improper interaction between worker processes and an XMLHttpRequest (aka XHR) object.
family windows
id oval:org.mitre.oval:def:15842
status accepted
submitted 2012-09-04T21:28:36.262-04:00
title Race condition in Google Chrome before 21.0.1180.89 via vectors involving improper interaction between worker processes and an XMLHttpRequest (aka XHR) object
version 43
refmap via4
confirm
osvdb 85033
suse openSUSE-SU-2012:1215
xf chrome-xhr-code-exec(78177)
Last major update 29-09-2016 - 14:35
Published 31-08-2012 - 15:55
Last modified 30-10-2018 - 12:27