You are here

U-100: Google Chrome Multiple Vulnerabilities

February 10, 2012 - 7:00am

Addthis

PROBLEM:

Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions, manipulate certain data, and compromise a user's system.

PLATFORM:

Google Chrome 16.x

ABSTRACT:

A remote user can create a specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

Reference LINKS:

Google Announcements and Release Channel
Secunia Advisory SA47938
Security Tracker ID 1026654

IMPACT ASSESSMENT:

High

Discussion:

Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions, manipulate certain data, and compromise a user's system.

Clipboard monitoring after a paste event may disclose information CVE-2011-3953
Excessive database usage can cause a crash CVE-2011-3954
Aborting an IndexDB transaction can cause a crash CVE-2011-3955.
Sandboxed origins inside extensions are not properly handled CVE-2011-3956.
A use-after-free may occur during PDF garbage collection CVE-2011-3957.
An incorrect cast may occur related to column span processing CVE-2011-3958.
A buffer overflow may occur in locale handling CVE-2011-3959.
An out-of-bounds read may occur in audio decoding CVE-2011-3960.
Race condition may occur after a crash of utility process CVE-2011-3961.
An out-of-bounds read may occur in path clipping CVE-2011-3962.
An out-of-bounds read may occur in PDF fax image handling CVE-2011-3963.
Some "URL bar confusion" may occur after a drag and drop operation CVE-2011-3964.
A crash may occur in signature check CVE-2011-3965.
A use-after-free may occur in stylesheet error handling CVE-2011-3966.
A crash may occur with an "unusual" certificate CVE-2011-3967.
A use-after-free may occur in CSS handling CVE-2011-3968.
A use-after-free may occur in SVG layout CVE-2011-3969.
An out-of-bounds read may occur in libxslt CVE-2011-3970.
A use-after-free may occur with mousemove events CVE-2011-3971.

Impact:

Security Bypass, Manipulation of data, System access,

Solution:

Upgrade to version 17.0.963.46.

 

Addthis