You are here

V-097: Google Chrome Multiple Vulnerabilities

February 22, 2013 - 6:00am

Addthis

PROBLEM:

Multiple vulnerabilities have been reported in Google Chrome

PLATFORM:

The vulnerabilities are reported in versions prior to Google Chrome 24.x

ABSTRACT:

Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

REFERENCE LINKS:

Secunia Advisory SA52320 
Chrome Stable Channel Update
CVE-2013-0879 
CVE-2013-0880
CVE-2013-0881 
CVE-2013-0882
CVE-2013-0883 
CVE-2013-0884 
CVE-2013-0885 
CVE-2013-0886
CVE-2013-0887
CVE-2013-0888
CVE-2013-0889
CVE-2013-0890
CVE-2013-0891
CVE-2013-0892
CVE-2013-0893
CVE-2013-0894
CVE-2013-0895
CVE-2013-0896
CVE-2013-0897
CVE-2013-0898
CVE-2013-0899
CVE-2013-0900

IMPACT ASSESSMENT:

High

DISCUSSION:

1) An unspecified error related to web audio node can be exploited to corrupt memory.

2) A use-after-free error exists in database handling.

3) An unspecified error exists in Matroska Handling.

4) An unspecified error exists related to excessive SVG parameters.

5) An unspecified error exists in Skia.

6) An unspecified error exists due to inappropriate load of NaCl.

7) An unspecified error exists due to incorrect NaCl signal handling 
   **Note: This vulnerability affects the Mac platform only.

8) An error exists due to the developer tools process having to many permissions and incorrectly placing too much trust in the connected server.

9) An out-of-bounds read error exists in Skia.

10) Some unspecified errors exist due to memory safety issues across the IPC layer.

11) An integer overflow error exists in blob handling.

12) Some unspecified errors exist related to IPC layer.

13) A race condition error exists in media handling.

14) An error related to vorbis decoding can be exploited to cause a buffer overflow.

15) An unspecified error exists due to incorrect path handling in file copying.
    **Note: This vulnerability affects the Linux and Mac platforms only.

16) Some unspecified errors exist within the memory management in plug-in message handling.

17) A use-after-free error exists in URL handling.

18) An integer overflow error exists in Opus handling.

19) A race condition error exists in ICU.

20) An unspecified error exists in the WebKit implementation of MathML.

IMPACT:

Potential security bypass or system access

SOLUTION:

Upgrade to version 25.0.1364.97 for Windows and Linux and 25.0.1364.99 for Mac

Addthis