Google Chrome Multiple Vulnerabilities

Posted on Saturday, March 19, 2011 @ 22:56:03 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA43519

VERIFY ADVISORY: http://secunia.com/advisories/43519/

CRITICALITY: Highly Critical

RELEASE DATE: 2011-03-20

DESCRIPTION: Some vulnerabilities have been reported in Google Chrome, where some have an unknown impact while others can be exploited to conduct spoofing attacks, disclose sensitive information, and potentially compromise a user's system. The vulnerabilities are reported in versions prior to 9.0.597.107.
1) An unspecified error related to the URL bar can be exploited to conduct spoofing attacks.
2) An unspecified error exists in the handling of JavaScript dialogs.
3) An error when handling stylesheet nodes can lead to a stale pointer.
4) An error when handling key frame rules can lead to a stale pointer.
5) An unspecified error exists in the handling of form controls.
6) An unspecified error exists while rendering SVG content.
7) An unspecified error in pickle deserialization can be exploited to cause out-of-bounds reads. This vulnerability affects 64-bit builds for Linux only.
8) An unspecified error in table handling can lead to a stale node.
9) An unspecified error in table rendering can lead to a stale pointer.
10) An unspecified error in SVG animations can lead to a stale pointer.
11) An unspecified error when handling XHTML can lead to a stale node.
12) An unspecified error exists in the textarea handling.
13) An unspecified error when handling device orientation can lead to a stale pointer.
14) An unspecified error in WebGL can be exploited to cause out-of-bounds reads.
15) An integer overflow exists in the textarea handling.
16) An unspecified error in WebGL can be exploited to cause out-of-bounds reads.
17) An unspecified error can lead to exposure of internal extension functions.
18) A use-after-free error exists within the handling of blocked plug-ins.
19) An unspecified error when handling layouts can lead to a stale pointer.

SOLUTION: Update to version 9.0.597.107.

PROVIDED AND/OR DISCOVERED BY: The vendor credits:
1) Jordi Chancel.
2) Sergey Radchenko.
3, 4, 13) Sergey Glazunov.
5) Stefan van Zanden.
6) Slawomir Blazek.
7) Evgeniy Stepanov, Chromium development community.
8, 9, 19) Martin Barbella.
10, 14, 15) miaubiz.
11, 12) wushi, team509.
16) Inferno, Google Chrome Security Team.
17) Tavis Ormandy, Google Security Team.
18) Chamal de Silva.

ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html
 
 
Associated TopicsInternet