You are here

U-249: Google Chrome Multiple Vulnerabilities

August 31, 2012 - 6:00am

Addthis

PROBLEM:

Google Chrome Multiple Vulnerabilities

PLATFORM:

Google Chrome 21.x

ABSTRACT:

Multiple vulnerabilities have been reported in Google Chrome.

reference LINKS:

Secunia Advisory SA50447
Stable Channel Update
CVE-2012-2865
CVE-2012-2866
CVE-2012-2867
CVE-2012-2868
CVE-2012-2869
CVE-2012-2870
CVE-2012-2871
CVE-2012-2872

IMPACT ASSESSMENT:

High

Discussion:

Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system.

1) An out-of-bounds read error exists when handling line breaks.

2) A bad cast error exists within run-ins.

3) A race condition error exists when handling XMLHttpRequest calls.

4) An error when loading URLs can be exploited to cause a stale buffer.

5) A bad cast error exists when handling XSL transforms.

6) An error when handling certain SSL data can be exploited to cause a cross-site scripting attack.

The vulnerabilities are reported in versions prior to 21.0.1180.89.

Impact:

Multiple vulnerabilities have been reported in Google Chrome, where some have unknown impacts and others can be exploited by malicious people to bypass certain security restrictions, and compromise a user's system.

Solution:

The vendor has issued a fix.  Update to version 21.0.1180.89.

 

Addthis