You are here

U-077: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

January 9, 2012 - 9:15am

Addthis

PROBLEM:

Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

PLATFORM:

Version(s): prior to 16.0.912.75

ABSTRACT:

A remote user may be able to execute arbitrary code on the target system.

reference LINKS:

Google Chrome Releases
Chromium Security
SecurityTracker Alert ID:1026487

IMPACT ASSESSMENT:

High

Discussion:

A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

Specially crafted animation frames can trigger a use-after-free memory error.CVE-2011-3921.
A remote user can trigger a heap overflow in libxml. CVE-2011-3919.
A remote user can trigger a stack overflow in glyph handling.CVE-2011-3922.

Impact:

A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

Solution:

The vendor has issued a fix (16.0.912.75).Google Chrome Download

Addthis