
U-143: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

April 9, 2012 - 7:00am


PROBLEM:

Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

PLATFORM:

Version(s): prior to 18.0.1025.151

ABSTRACT:

Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system.

REFERENCE LINKS:

SecurityTracker Alert ID: 1026892
CVE-2011-3066
Secunia Advisory SA48732

IMPACT ASSESSMENT:

High

DISCUSSION:

A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

An out-of-bounds memory read error may occur in Skia clipping [CVE-2011-3066].
A remote user can replace an iframe in a different domain [CVE-2011-3067].
A use-after-free memory error may occur in run-in handling [CVE-2011-3068].
A use-after-free memory error may occur in line box handling [CVE-2011-3069].
A use-after-free memory error may occur in V8 bindings [CVE-2011-3070].
A use-after-free memory error may occur in HTMLMediaElement [CVE-2011-3071].
A cross-origin pop-up violation may occur [CVE-2011-3072].

IMPACT:

Disclosure of user information
Execution of arbitrary code via network
Modification of user information
User access via network

SOLUTION:

The vendor has issued a fix (18.0.1025.151).
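To confirm the fix is deployed, the following added example (not part of the original bulletin) triages a host inventory against the fixed build 18.0.1025.151. The hostnames, the sample version strings, and the assumption that each string contains a four-part build number are constructed for illustration.

```python
import re

FIXED = (18, 0, 1025, 151)  # fixed build stated in this bulletin

# Matches a complete four-part build number anywhere in a version string.
_BUILD = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")

def parse_build(text):
    """Return the build as a 4-tuple of ints, or None if none is found."""
    m = _BUILD.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def needs_update(version_text, fixed=FIXED):
    """True if older than the fixed build, False if not, None if unparseable."""
    build = parse_build(version_text)
    if build is None:
        return None
    # Tuple comparison is numeric per component; comparing the raw strings
    # would wrongly rank "18.0.1025.99" above "18.0.1025.151".
    return build < fixed

def triage(inventory):
    """Split {host: version string} into vulnerable, ok and unknown host lists."""
    result = {"vulnerable": [], "ok": [], "unknown": []}
    for host, text in sorted(inventory.items()):
        verdict = needs_update(text)
        key = "unknown" if verdict is None else ("vulnerable" if verdict else "ok")
        result[key].append(host)
    return result

# Constructed sample inventory (hostnames and version strings are made up).
SAMPLE = {
    "ws-01": "Google Chrome 18.0.1025.142",
    "ws-02": "Google Chrome 18.0.1025.151",
    "ws-03": "Google Chrome 18.0.1025.99",
    "ws-04": "Google Chrome 17.0.963.83 beta",
    "ws-05": "Google Chrome 19.0.1084.15 dev",
    "ws-06": "not installed",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown returned no parseable build number and need a manual check rather than being treated as patched.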

 
