You are here

V-224: Google Chrome Multiple Vulnerabilities

August 22, 2013 - 1:05am

Addthis

PROBLEM:

Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to compromise a user's system.

PLATFORM:

Google Chrome 28.x

ABSTRACT:

The vulnerabilities are reported in versions prior to 29.0.1547.57

REFERENCE LINKS:

Secunia Advisory ID:  1028921
CVE-2013-2887
CVE-2013-2900
CVE-2013-2901
CVE-2013-2902
CVE-2013-2903
CVE-2013-2904
CVE-2013-2905

IMPACT ASSESSMENT:

High

DISCUSSION:

Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown   
impact and others can be exploited by malicious, local users to disclose potentially   
sensitive information and by malicious people to compromise a user's system.
 
1) An error exists when handling file paths.
 
2) The application creates certain shared memory files with insecure permissions. This can   
be exploited to e.g. disclose contents of that shared memory.
 
3) An integer overflow error exists within ANGLE.
 
4) A use-after-free error exists within XSLT.
 
5) A use-after-free error exists within media element.
 
6) A use-after-free error exists within document parsing.
 
7) Some unspecified errors exist.
 

IMPACT:

Unknown, Exposure of sensitive information, System access

SOLUTION:

Upgrade to version 29.0.1547.57.

Addthis