U-133: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

March 26, 2012 - 3:35am

PROBLEM:

Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

PLATFORM:

Google Chrome prior to 17.0.963.83

ABSTRACT:

Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system.

REFERENCE LINKS:

SecurityTracker Alert ID: 1026841
CVE-2011-3049
Secunia Advisory SA48512

IMPACT ASSESSMENT:

High

Discussion:

A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user. A use-after-free may occur with first-letter handling [CVE-2011-3050]. A use-after-free may occur in CSS cross-fade handling [CVE-2011-3051]. A memory corruption error may occur in WebGL canvas handling [CVE-2011-3052]. A use-after-free may occur in block splitting [CVE-2011-3053]. Some webui privilege errors may occur [CVE-2011-3054]. An unspecified flaw may occur in prompting the user for unpacked extension installation [CVE-2011-3055]. A remote user can bypass same-origin restrictions with a "magic iframe" [CVE-2011-3056].

Impact:

A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

Solution:

The vendor has issued a fix (17.0.963.83).
