You are here

V-121: Google Chrome Multiple Vulnerabilities

March 28, 2013 - 12:29am

Addthis

PROBLEM:

Google Chrome Multiple Vulnerabilities

PLATFORM:

versions prior to 26.0.1410.43.

ABSTRACT:

Multiple vulnerabilities have been reported in Google Chrome

REFERENCE LINKS:

Secunia Advisory SA52761

CVE-2013-0916

CVE-2013-0917

CVE-2013-0918

CVE-2013-0919

CVE-2013-0920

CVE-2013-0921

CVE-2013-0922

CVE-2013-0923

CVE-2013-0924

CVE-2013-0925

CVE-2013-0926

IMPACT ASSESSMENT:

High

DISCUSSION:

Multiple vulnerabilities have been reported in Google Chrome, where one has an unknown impact and others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

IMPACT:

1) A use-after-free error exists in Web Audio.

2) An out-of-bounds read error exists in URL loader.

3) A use-after-free error exists with pop-up windows in extensions.

4) A use-after-free error exists in extension bookmarks API.

5) The application does not properly ensure running isolated web sites in their own processes.

6) An unspecified error exists related to memory safety in the USB Apps API.

7) An error exists when verifying an extension's permissions API use in relation to file permissions.

8) An error exists due to pasting active tags in certain situations.

SOLUTION:

Upgrade to version 26.0.1410.43.

 

 

Addthis