You are here

V-105: Google Chrome Multiple Vulnerabilities

March 6, 2013 - 12:09am

Addthis

PROBLEM:

Google Chrome Multiple Vulnerabilities

PLATFORM:

Google Chrome prior to 25.0.1364.152.

ABSTRACT:

Multiple vulnerabilities have been reported in Google Chrome

REFERENCE LINKS:

Stable Channel Update
Secunia Advisory SA52454
CVE-2013-0902
CVE-2013-0903
CVE-2013-0904
CVE-2013-0905
CVE-2013-0906
CVE-2013-0907
CVE-2013-0908
CVE-2013-0909
CVE-2013-0910
CVE-2013-0911

IMPACT ASSESSMENT:

High

DISCUSSION:

Multiple vulnerabilities in Google Chrome may  have an unknown impact and others can be exploited by malicious people to compromise a user's system.

1) A use-after-free error exists in frame loader.

2) A use-after-free error exists in browser navigation handling.

3) An error in Web Audio can be exploited to cause memory corruption.

4) A use-after-free error exists in SVG animations.

5) An error in Indexed DB can be exploited to cause memory corruption.

6) A race condition error exists in media thread handling.

7) An error exists during handling of bindings for extension processes.

8) An error exists when loading browser plug-in.

9) A path traversal error exists when handling database.

IMPACT:

Vulnerabilities may have an unknown impact and others can be exploited by malicious people to compromise a user's system.

SOLUTION:

The vendor has issued a fix (5 Update 41, 6 Update 43, 7 Update 17).
 

Addthis