You are here

T-574: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

March 10, 2011 - 3:05pm

Addthis

PROBLEM:

Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can bypass the pop-up blocker.

PLATFORM:

Google Chrome prior to 10.0.648.127

ABSTRACT:

Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact while others can be exploited by malicious people bypass certain security restrictions, disclose system information, and compromise a user's system.

reference LINKS:

Secunia Advisory: SA43683
Google Chrome Support
Chrome Stable Release
SecurityTracker Alert ID:1025181

IMPACT ASSESSMENT:

High

Discussion:

Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can bypass the pop-up blocker.
A remote user can create specially crafted HTML that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

Impact:

A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain error message data from a different domain.
A remote user can execute arbitrary scripting code in a different domain.
A remote user can bypass the pop-up blocker.

Solution:

The vendor has issued a fix (10.0.648.127).

Google Chrome: System requirements
 

Patches/Software Downloads
Google Chrome Update
 

 

Addthis