ID CVE-2012-5147
Summary Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling.
References
Vulnerable Configurations
  • OpenSUSE 12.1
    cpe:2.3:o:opensuse:opensuse:12.1
  • OpenSUSE 12.2
    cpe:2.3:o:opensuse:opensuse:12.2
  • Google Chrome 24.0.1272.0
    cpe:2.3:a:google:chrome:24.0.1272.0
  • Google Chrome 24.0.1272.1
    cpe:2.3:a:google:chrome:24.0.1272.1
  • Google Chrome 24.0.1273.0
    cpe:2.3:a:google:chrome:24.0.1273.0
  • Google Chrome 24.0.1274.0
    cpe:2.3:a:google:chrome:24.0.1274.0
  • Google Chrome 24.0.1275.0
    cpe:2.3:a:google:chrome:24.0.1275.0
  • Google Chrome 24.0.1276.0
    cpe:2.3:a:google:chrome:24.0.1276.0
  • Google Chrome 24.0.1276.1
    cpe:2.3:a:google:chrome:24.0.1276.1
  • Google Chrome 24.0.1277.0
    cpe:2.3:a:google:chrome:24.0.1277.0
  • Google Chrome 24.0.1278.0
    cpe:2.3:a:google:chrome:24.0.1278.0
  • Google Chrome 24.0.1279.0
    cpe:2.3:a:google:chrome:24.0.1279.0
  • Google Chrome 24.0.1280.0
    cpe:2.3:a:google:chrome:24.0.1280.0
  • Google Chrome 24.0.1281.0
    cpe:2.3:a:google:chrome:24.0.1281.0
  • Google Chrome 24.0.1281.1
    cpe:2.3:a:google:chrome:24.0.1281.1
  • Google Chrome 24.0.1281.2
    cpe:2.3:a:google:chrome:24.0.1281.2
  • Google Chrome 24.0.1281.3
    cpe:2.3:a:google:chrome:24.0.1281.3
  • Google Chrome 24.0.1282.0
    cpe:2.3:a:google:chrome:24.0.1282.0
  • Google Chrome 24.0.1283.0
    cpe:2.3:a:google:chrome:24.0.1283.0
  • Google Chrome 24.0.1284.0
    cpe:2.3:a:google:chrome:24.0.1284.0
  • Google Chrome 24.0.1284.1
    cpe:2.3:a:google:chrome:24.0.1284.1
  • Google Chrome 24.0.1284.2
    cpe:2.3:a:google:chrome:24.0.1284.2
  • Google Chrome 24.0.1285.0
    cpe:2.3:a:google:chrome:24.0.1285.0
  • Google Chrome 24.0.1285.1
    cpe:2.3:a:google:chrome:24.0.1285.1
  • Google Chrome 24.0.1285.2
    cpe:2.3:a:google:chrome:24.0.1285.2
  • Google Chrome 24.0.1286.0
    cpe:2.3:a:google:chrome:24.0.1286.0
  • Google Chrome 24.0.1286.1
    cpe:2.3:a:google:chrome:24.0.1286.1
  • Google Chrome 24.0.1287.0
    cpe:2.3:a:google:chrome:24.0.1287.0
  • Google Chrome 24.0.1287.1
    cpe:2.3:a:google:chrome:24.0.1287.1
  • Google Chrome 24.0.1288.0
    cpe:2.3:a:google:chrome:24.0.1288.0
  • Google Chrome 24.0.1288.1
    cpe:2.3:a:google:chrome:24.0.1288.1
  • Google Chrome 24.0.1289.0
    cpe:2.3:a:google:chrome:24.0.1289.0
  • Google Chrome 24.0.1289.1
    cpe:2.3:a:google:chrome:24.0.1289.1
  • Google Chrome 24.0.1290.0
    cpe:2.3:a:google:chrome:24.0.1290.0
  • Google Chrome 24.0.1291.0
    cpe:2.3:a:google:chrome:24.0.1291.0
  • Google Chrome 24.0.1292.0
    cpe:2.3:a:google:chrome:24.0.1292.0
  • Google Chrome 24.0.1293.0
    cpe:2.3:a:google:chrome:24.0.1293.0
  • Google Chrome 24.0.1294.0
    cpe:2.3:a:google:chrome:24.0.1294.0
  • Google Chrome 24.0.1295.0
    cpe:2.3:a:google:chrome:24.0.1295.0
  • Google Chrome 24.0.1296.0
    cpe:2.3:a:google:chrome:24.0.1296.0
  • Google Chrome 24.0.1297.0
    cpe:2.3:a:google:chrome:24.0.1297.0
  • Google Chrome 24.0.1298.0
    cpe:2.3:a:google:chrome:24.0.1298.0
  • Google Chrome 24.0.1299.0
    cpe:2.3:a:google:chrome:24.0.1299.0
  • Google Chrome 24.0.1300.0
    cpe:2.3:a:google:chrome:24.0.1300.0
  • Google Chrome 24.0.1301.0
    cpe:2.3:a:google:chrome:24.0.1301.0
  • Google Chrome 24.0.1301.2
    cpe:2.3:a:google:chrome:24.0.1301.2
  • Google Chrome 24.0.1302.0
    cpe:2.3:a:google:chrome:24.0.1302.0
  • Google Chrome 24.0.1303.0
    cpe:2.3:a:google:chrome:24.0.1303.0
  • Google Chrome 24.0.1304.0
    cpe:2.3:a:google:chrome:24.0.1304.0
  • Google Chrome 24.0.1304.1
    cpe:2.3:a:google:chrome:24.0.1304.1
  • Google Chrome 24.0.1305.0
    cpe:2.3:a:google:chrome:24.0.1305.0
  • Google Chrome 24.0.1305.1
    cpe:2.3:a:google:chrome:24.0.1305.1
  • Google Chrome 24.0.1305.2
    cpe:2.3:a:google:chrome:24.0.1305.2
  • Google Chrome 24.0.1305.3
    cpe:2.3:a:google:chrome:24.0.1305.3
  • Google Chrome 24.0.1305.4
    cpe:2.3:a:google:chrome:24.0.1305.4
  • Google Chrome 24.0.1306.0
    cpe:2.3:a:google:chrome:24.0.1306.0
  • Google Chrome 24.0.1306.1
    cpe:2.3:a:google:chrome:24.0.1306.1
  • Google Chrome 24.0.1307.0
    cpe:2.3:a:google:chrome:24.0.1307.0
  • Google Chrome 24.0.1307.1
    cpe:2.3:a:google:chrome:24.0.1307.1
  • Google Chrome 24.0.1308.0
    cpe:2.3:a:google:chrome:24.0.1308.0
  • Google Chrome 24.0.1309.0
    cpe:2.3:a:google:chrome:24.0.1309.0
  • Google Chrome 24.0.1310.0
    cpe:2.3:a:google:chrome:24.0.1310.0
  • Google Chrome 24.0.1311.0
    cpe:2.3:a:google:chrome:24.0.1311.0
  • Google Chrome 24.0.1311.1
    cpe:2.3:a:google:chrome:24.0.1311.1
  • Google Chrome 24.0.1312.0
    cpe:2.3:a:google:chrome:24.0.1312.0
  • Google Chrome 24.0.1312.1
    cpe:2.3:a:google:chrome:24.0.1312.1
  • Google Chrome 24.0.1312.4
    cpe:2.3:a:google:chrome:24.0.1312.4
  • Google Chrome 24.0.1312.5
    cpe:2.3:a:google:chrome:24.0.1312.5
  • Google Chrome 24.0.1312.6
    cpe:2.3:a:google:chrome:24.0.1312.6
  • Google Chrome 24.0.1312.7
    cpe:2.3:a:google:chrome:24.0.1312.7
  • Google Chrome 24.0.1312.8
    cpe:2.3:a:google:chrome:24.0.1312.8
  • Google Chrome 24.0.1312.9
    cpe:2.3:a:google:chrome:24.0.1312.9
  • Google Chrome 24.0.1312.10
    cpe:2.3:a:google:chrome:24.0.1312.10
  • Google Chrome 24.0.1312.11
    cpe:2.3:a:google:chrome:24.0.1312.11
  • Google Chrome 24.0.1312.12
    cpe:2.3:a:google:chrome:24.0.1312.12
  • Google Chrome 24.0.1312.13
    cpe:2.3:a:google:chrome:24.0.1312.13
  • Google Chrome 24.0.1312.14
    cpe:2.3:a:google:chrome:24.0.1312.14
  • Google Chrome 24.0.1312.15
    cpe:2.3:a:google:chrome:24.0.1312.15
  • Google Chrome 24.0.1312.16
    cpe:2.3:a:google:chrome:24.0.1312.16
  • Google Chrome 24.0.1312.17
    cpe:2.3:a:google:chrome:24.0.1312.17
  • Google Chrome 24.0.1312.18
    cpe:2.3:a:google:chrome:24.0.1312.18
  • Google Chrome 24.0.1312.19
    cpe:2.3:a:google:chrome:24.0.1312.19
  • Google Chrome 24.0.1312.20
    cpe:2.3:a:google:chrome:24.0.1312.20
  • Google Chrome 24.0.1312.21
    cpe:2.3:a:google:chrome:24.0.1312.21
  • Google Chrome 24.0.1312.22
    cpe:2.3:a:google:chrome:24.0.1312.22
  • Google Chrome 24.0.1312.23
    cpe:2.3:a:google:chrome:24.0.1312.23
  • Google Chrome 24.0.1312.24
    cpe:2.3:a:google:chrome:24.0.1312.24
  • Google Chrome 24.0.1312.25
    cpe:2.3:a:google:chrome:24.0.1312.25
  • Google Chrome 24.0.1312.26
    cpe:2.3:a:google:chrome:24.0.1312.26
  • Google Chrome 24.0.1312.27
    cpe:2.3:a:google:chrome:24.0.1312.27
  • Google Chrome 24.0.1312.28
    cpe:2.3:a:google:chrome:24.0.1312.28
  • Google Chrome 24.0.1312.29
    cpe:2.3:a:google:chrome:24.0.1312.29
  • Google Chrome 24.0.1312.30
    cpe:2.3:a:google:chrome:24.0.1312.30
  • Google Chrome 24.0.1312.31
    cpe:2.3:a:google:chrome:24.0.1312.31
  • Google Chrome 24.0.1312.32
    cpe:2.3:a:google:chrome:24.0.1312.32
  • Google Chrome 24.0.1312.33
    cpe:2.3:a:google:chrome:24.0.1312.33
  • Google Chrome 24.0.1312.34
    cpe:2.3:a:google:chrome:24.0.1312.34
  • Google Chrome 24.0.1312.35
    cpe:2.3:a:google:chrome:24.0.1312.35
  • Google Chrome 24.0.1312.36
    cpe:2.3:a:google:chrome:24.0.1312.36
  • Google Chrome 24.0.1312.37
    cpe:2.3:a:google:chrome:24.0.1312.37
  • Google Chrome 24.0.1312.38
    cpe:2.3:a:google:chrome:24.0.1312.38
  • Google Chrome 24.0.1312.39
    cpe:2.3:a:google:chrome:24.0.1312.39
  • Google Chrome 24.0.1312.40
    cpe:2.3:a:google:chrome:24.0.1312.40
  • Google Chrome 24.0.1312.41
    cpe:2.3:a:google:chrome:24.0.1312.41
  • Google Chrome 24.0.1312.42
    cpe:2.3:a:google:chrome:24.0.1312.42
  • Google Chrome 24.0.1312.43
    cpe:2.3:a:google:chrome:24.0.1312.43
  • Google Chrome 24.0.1312.44
    cpe:2.3:a:google:chrome:24.0.1312.44
  • Google Chrome 24.0.1312.45
    cpe:2.3:a:google:chrome:24.0.1312.45
  • Google Chrome 24.0.1312.46
    cpe:2.3:a:google:chrome:24.0.1312.46
  • Google Chrome 24.0.1312.47
    cpe:2.3:a:google:chrome:24.0.1312.47
  • Google Chrome 24.0.1312.48
    cpe:2.3:a:google:chrome:24.0.1312.48
  • Google Chrome 24.0.1312.49
    cpe:2.3:a:google:chrome:24.0.1312.49
  • Google Chrome 24.0.1312.50
    cpe:2.3:a:google:chrome:24.0.1312.50
  • Google Chrome 24.0.1312.51
    cpe:2.3:a:google:chrome:24.0.1312.51
CVSS
Base: 7.5 (as of 05-10-2016 - 14:37)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_46BD747B5B8411E2B06D00262D5ED8EE.NASL
    description Google Chrome Releases reports :
      [162494] High CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of OUSPG.
      [165622] High CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to Erling A Ellingsen and Subodh Iyengar, both of Facebook.
      [165864] High CVE-2012-5147: Use-after-free in DOM handling. Credit to Jose A. Vazquez.
      [167122] Medium CVE-2012-5148: Missing filename sanitization in hyphenation support. Credit to Google Chrome Security Team (Justin Schuh).
      [166795] High CVE-2012-5149: Integer overflow in audio IPC handling. Credit to Google Chrome Security Team (Chris Evans).
      [165601] High CVE-2012-5150: Use-after-free when seeking video. Credit to Google Chrome Security Team (Inferno).
      [165538] High CVE-2012-5151: Integer overflow in PDF JavaScript. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.
      [165430] Medium CVE-2012-5152: Out-of-bounds read when seeking video. Credit to Google Chrome Security Team (Inferno).
      [164565] High CVE-2012-5153: Out-of-bounds stack access in v8. Credit to Andreas Rossberg of the Chromium development community.
      [Mac only] [163208] Medium CVE-2012-5155: Missing Mac sandbox for worker processes. Credit to Google Chrome Security Team (Julien Tinnes).
      [162778] High CVE-2012-5156: Use-after-free in PDF fields. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.
      [162776] [162156] Medium CVE-2012-5157: Out-of-bounds reads in PDF image handling. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.
      [162153] High CVE-2013-0828: Bad cast in PDF root handling. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.
      [162114] High CVE-2013-0829: Corruption of database metadata leading to incorrect file access. Credit to Google Chrome Security Team (Juri Aedla).
      [161836] Low CVE-2013-0831: Possible path traversal from extension process. Credit to Google Chrome Security Team (Tom Sepez).
      [160380] Medium CVE-2013-0832: Use-after-free with printing. Credit to Google Chrome Security Team (Cris Neckar).
      [154485] Medium CVE-2013-0833: Out-of-bounds read with printing. Credit to Google Chrome Security Team (Cris Neckar).
      [154283] Medium CVE-2013-0834: Out-of-bounds read with glyph handling. Credit to Google Chrome Security Team (Cris Neckar).
      [152921] Low CVE-2013-0835: Browser crash with geolocation. Credit to Arthur Gerkis.
      [150545] High CVE-2013-0836: Crash in v8 garbage collection. Credit to Google Chrome Security Team (Cris Neckar).
      [145363] Medium CVE-2013-0837: Crash in extension tab handling. Credit to Tom Nielsen.
      [Linux only] [143859] Low CVE-2013-0838: Tighten permissions on shared memory segments. Credit to Google Chrome Security Team (Chris Palmer).
    last seen 2019-02-21
    modified 2016-05-26
    plugin id 63469
    published 2013-01-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63469
    title FreeBSD : chromium -- multiple vulnerabilities (46bd747b-5b84-11e2-b06d-00262d5ed8ee)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-72.NASL
    description
      - Update to 26.0.1383
      - Security fixes (bnc#798326)
      - CVE-2012-5145: Use-after-free in SVG layout
      - CVE-2012-5146: Same origin policy bypass with malformed URL
      - CVE-2012-5147: Use-after-free in DOM handling
      - CVE-2012-5148: Missing filename sanitization in hyphenation support
      - CVE-2012-5149: Integer overflow in audio IPC handling
      - CVE-2012-5150: Use-after-free when seeking video
      - CVE-2012-5152: Out-of-bounds read when seeking video
      - CVE-2012-5153: Out-of-bounds stack access in v8.
      - CVE-2012-5154: Integer overflow in shared memory allocation
      - CVE-2013-0830: Missing NUL termination in IPC.
      - CVE-2013-0831: Possible path traversal from extension process
      - CVE-2013-0832: Use-after-free with printing.
      - CVE-2013-0833: Out-of-bounds read with printing.
      - CVE-2013-0834: Out-of-bounds read with glyph handling
      - CVE-2013-0835: Browser crash with geolocation
      - CVE-2013-0836: Crash in v8 garbage collection.
      - CVE-2013-0837: Crash in extension tab handling.
      - CVE-2013-0838: Tighten permissions on shared memory segments
      - Set up Google API keys, see http://www.chromium.org/developers/how-tos/api-keys . # Note: these are for openSUSE Chromium builds ONLY!! (Setup was done based on indication from Pawel Hajdan)
      - Change the default setting for password-store to basic. (bnc#795860)
      - Fixes from Update to 25.0.1352
      - Fixed garbled header and footer text in print preview.
      - Fixed broken profile with system-wide installation and
      - Fixed stability crashes like 158747, 159437, 149139, 160914,
      - Add a configuration file (/etc/default/chromium) where we can indicate flags for the chromium-browser.
      - {gtk} Fixed selection renders white text on white
      - Fixed translate infobar button to show selected language.
      - Update to 25.0.1329
      - No further indications in the ChangeLog
      - Update to 25.0.1319
      - No further indications in the Changelog
      - Update to 24.0.1308
      - Updated V8 - 3.14.5.0
      - Bookmarks are now searched by their title while typing into the omnibox with matching bookmarks being shown in the autocomplete suggestions pop-down list. Matching is done by prefix.
      - Fixed chromium issues 155871, 154173, 155133.
      - No further indications in the ChangeLog.
      - Update to 24.0.1283
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75155
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75155
    title openSUSE Security Update : chromium (openSUSE-SU-2013:0236-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201309-16.NASL
    description The remote host is affected by the vulnerability described in GLSA-201309-16 (Chromium, V8: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact : A context-dependent attacker could entice a user to open a specially crafted website or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 70112
    published 2013-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70112
    title GLSA-201309-16 : Chromium, V8: Multiple vulnerabilities
  • NASL family Windows
    NASL id GOOGLE_CHROME_24_0_1312_52.NASL
    description The version of Google Chrome installed on the remote host is earlier than 24.0.1312.52 and is, therefore, affected by the following vulnerabilities :
      - Use-after-free errors exist related to SVG layout, DOM handling, video seeking, PDF fields and printing. (CVE-2012-5145, CVE-2012-5147, CVE-2012-5150, CVE-2012-5156, CVE-2013-0832)
      - An error related to malformed URLs can allow a Same Origin Policy (SOP) bypass, thereby allowing cross-site scripting attacks. (CVE-2012-5146)
      - A user-input validation error exists related to filenames and hyphenation support. (CVE-2012-5148)
      - Integer overflow errors exist related to audio IPC handling, PDF JavaScript and shared memory allocation. (CVE-2012-5149, CVE-2012-5151, CVE-2012-5154)
      - Out-of-bounds read errors exist related to video seeking, PDF image handling, printing and glyph handling. (CVE-2012-5152, CVE-2012-5157, CVE-2012-0833, CVE-2012-0834)
      - An out-of-bounds stack access error exists in the v8 JavaScript engine. (CVE-2012-5153)
      - A casting error exists related to PDF 'root' handling. (CVE-2013-0828)
      - An unspecified error exists that can corrupt database metadata leading to incorrect file access. (CVE-2013-0829)
      - An error exists related to IPC and 'NUL' termination. (CVE-2013-0830)
      - An error exists related to extensions that may allow improper path traversals. (CVE-2013-0831)
      - An unspecified error exists related to geolocation. (CVE-2013-0835)
      - An unspecified error exists related to garbage collection in the v8 JavaScript engine. (CVE-2013-0836)
      - An unspecified error exists related to extension tab handling. (CVE-2013-0837)
      - The bundled version of Adobe Flash Player contains flaws that can lead to arbitrary code execution. (CVE-2013-0630)
      Successful exploitation of some of these issues could lead to an application crash or even allow arbitrary code execution, subject to the user's privileges.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 63468
    published 2013-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63468
    title Google Chrome < 24.0.1312.52 Multiple Vulnerabilities
oval via4
accepted 2013-08-12T04:08:20.847-04:00
class vulnerability
contributors
  • name Shane Shaffer
    organization G2, Inc.
  • name Jonathan Baker
    organization The MITRE Corporation
  • name Maria Kedovskaya
    organization ALTX-SOFT
definition_extensions
comment Google Chrome is installed
oval oval:org.mitre.oval:def:11914
description Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling.
family windows
id oval:org.mitre.oval:def:16269
status accepted
submitted 2013-01-16T09:35:49.141-05:00
title Use-after-free vulnerability in Google Chrome before 24.0.1312.52 via vectors related to DOM handling.
version 44
refmap via4
confirm
suse openSUSE-SU-2013:0236
Last major update 06-10-2016 - 12:22
Published 15-01-2013 - 16:55
Last modified 30-10-2018 - 12:27