V-109: Google Chrome WebKit Type Confusion Error Lets Remote Users Execute Arbitrary Code

March 12, 2013 - 12:11am

PROBLEM:

Google Chrome WebKit Type Confusion Error Lets Remote Users Execute Arbitrary Code

PLATFORM:

Google Chrome prior to 25.0.1364.160

ABSTRACT:

A vulnerability was reported in Google Chrome.

REFERENCE LINKS:

Stable Channel Update
SecurityTracker Alert ID: 1028266
CVE-2013-0912

IMPACT ASSESSMENT:

Medium

DISCUSSION:

A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a type confusion error in WebKit and execute arbitrary code on the target system. The code will run with the privileges of the target user.

IMPACT:

A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

SOLUTION:

The vendor has issued a fix (25.0.1364.160).

Energy.gov

Office of the Chief Information Officer

Office of the Chief Information Officer

All Offices

You are here