You are here

U-277: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

October 9, 2012 - 6:00am

Addthis

PROBLEM:

Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

PLATFORM:

Version(s): prior to 22.0.1229.92

ABSTRACT:

Several vulnerabilities were reported in Google Chrome.

reference LINKS:

SecurityTracker Alert ID:  1027617
Stable Channel Update
CVE-2012-2900
CVE-2012-5108
CVE-2012-5109
CVE-2012-5110
CVE-2012-5111

IMPACT ASSESSMENT:

High

Discussion:

A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

A crash may occur in Skia text rendering [CVE-2012-2900].

A race condition may occur in audio device handling [CVE-2012-5108].

An out-of-bounds read may occur in ICU regex processing [CVE-2012-5109].

An out-of-bounds read may occur in compositor [CVE-2012-5110].

Pepper plug-ins do not perform crash monitoring [CVE-2012-5111].

Impact:

A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

Solution:

The vendor has issued a fix (22.0.1229.92).

Addthis