You are here

U-160: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

May 2, 2012 - 7:00am

Addthis

PROBLEM:

Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

PLATFORM:

Prior to 18.0.1025.168

ABSTRACT:

Several vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system

reference LINKS:

SecurityTracker Alert ID: 1027001
CVE-2011-3078
CVE-2011-3079
CVE-2011-3080

IMPACT ASSESSMENT:

High

Discussion:

A remote user can create specially crafted content that, when loaded by the target user, will trigger a use-after-free, validation error, or race condition and execute arbitrary code on the target system. The code will run with the privileges of the target user. A use-after-free may occur in floats handling. An IPC validation failure may occur. A race condition may occur in sandbox IPC. A use-after-free may occur in floats handling [CVE-2011-3081]. A use-after-free may occur in the xml parser [CVE-2012-1521].

Impact:

A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

Solution:

The vendor has issued a fix (18.0.1025.168).

Addthis