V-035: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

November 28, 2012 - 1:00am

PROBLEM:

Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code

PLATFORM:

Version(s): prior to 23.0.1271.91

ABSTRACT:

Several vulnerabilities were reported in Google Chrome.

REFERENCE LINKS:

Release updates from the Chrome team
SecurityTracker Alert ID: 1027815
Secunia Advisory SA51437
CVE-2012-5130
CVE-2012-5131
CVE-2012-5132
CVE-2012-5133
CVE-2012-5134
CVE-2012-5135
CVE-2012-5136

IMPACT ASSESSMENT:

High

DISCUSSION:

Several vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

An out-of-bounds read may occur in Skia [CVE-2012-5130].

A memory corruption error may occur in the Apple OS X driver for Intel GPUs [CVE-2012-5131].

A browser crash may occur when processing chunked encoding [CVE-2012-5132].

A use-after-free may occur in SVG filters [CVE-2012-5133].

A buffer underflow may occur in libxml [CVE-2012-5134].

A use-after-free may occur when printing [CVE-2012-5135].

A bad cast may occur in input element handling [CVE-2012-5136].

Impact:

A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

Solution:

The vendor has issued a fix (23.0.1271.91).
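
An added example, not part of the original bulletin: a check that sorts hosts in a software inventory by whether their Chrome build is older than the fixed version 23.0.1271.91. The inventory lines, host names and the tab-separated `host<TAB>version string` format are constructed assumptions; the comparison is numeric per component, since plain string comparison misorders builds such as 23.0.1271.100 and 9.0.597.107.

```python
import re

FIXED = (23, 0, 1271, 91)  # fixed build named in the bulletin

# Exactly four dotted numeric components, e.g. "Google Chrome 23.0.1271.64"
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the Chrome version found in `text` as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_vulnerable(text):
    """True if older than FIXED, False if not, None if no version was parsed."""
    v = parse_version(text)
    if v is None:
        return None
    return v < FIXED  # tuple comparison is numeric, component by component


def triage(inventory):
    """Split inventory lines into (vulnerable, patched, unknown) host lists."""
    vulnerable, patched, unknown = [], [], []
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, _, version_text = line.partition("\t")
        verdict = is_vulnerable(version_text)
        bucket = unknown if verdict is None else vulnerable if verdict else patched
        bucket.append(host.strip())
    return vulnerable, patched, unknown


# Constructed sample inventory (hypothetical hosts)
SAMPLE = "\n".join([
    "ws-01\tGoogle Chrome 23.0.1271.64",
    "ws-02\tGoogle Chrome 23.0.1271.91",
    "ws-03\tGoogle Chrome 23.0.1271.100",  # newer; a string compare would call it older
    "ws-04\tGoogle Chrome 9.0.597.107",    # older; a string compare would call it newer
    "ws-05\tchrome: version unavailable",  # unparseable, reported separately
])

if __name__ == "__main__":
    vuln, ok, unk = triage(SAMPLE)
    print("vulnerable:", vuln)
    print("patched:   ", ok)
    print("unknown:   ", unk)
```

Hosts in the unknown list need a manual check rather than being treated as patched.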
