You are here

U-004:Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

October 5, 2011 - 8:15am

Addthis

PROBLEM:

Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code.

PLATFORM:
 

Google Chrome prior to 14.0.835.202

ABSTRACT:
 

A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
 

reference LINKS:
  

Google Chrome Annoncements and Releases
SecurityTracker Alert ID: 1026137

   

IMPACT ASSESSMENT:

High

Discussion:

Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. The code will run with the privileges of the target user.
A use-after-free can occur in text line box handling [CVE-2011-2876].
An SVG text handling font processing flaw exists [CVE-2011-2877].
A cross-origin access control flaw exists [CVE-2011-2878].
Lifetime and threading issues exist in audio node handling [CVE-2011-2879].
A use-after-free can occur in the v8 bindings [CVE-2011-2880].
Specially crafted v8 hidden objects can trigger memory corruption [CVE-2011-2881].
A memory corruption flaw exists in the shader translator [CVE-2011-3873].

 

Impact:

A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

Solution:

The vendor has issued a fix (14.0.835.202)..
Updating Google Chrome

 

Addthis