Ravens PHP Scripts

Google Chrome Multiple Vulnerabilities
Date: Thursday, February 11, 2010 @ 19:15:53 CET
Topic: Security


SECUNIA ADVISORY ID: SA38545

VERIFY ADVISORY: http://secunia.com/advisories/38545/

Critical: Highly Critical

DESCRIPTION: Some vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, or potentially compromise a user's system. The vulnerabilities are reported in versions prior to 4.0.249.89.



1) Two errors when resolving domain names and when interpreting configured proxy lists can be exploited to disclose potentially sensitive data.
2) Multiple integer overflow errors in the v8 engine can be exploited to potentially execute arbitrary code.
3) An unspecified error in the processing of "<ruby>" tags can be exploited to potentially execute arbitrary code.
4) An error when processing "<iframe>" tags can be exploited to disclose a redirection target.
5) An unspecified error exists when displaying domain names in HTTP authentication dialogs.
6) An integer overflow error when deserializing a sandbox message can be exploited to potentially execute arbitrary code.

SOLUTION: Update to version 4.0.249.89.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Eric Roman and Christopher Eatinger
2, 6) Mark Dowd
3) SkyLined of the Google Chrome Security Team
5) Timothy D. Morgan of Virtual Security Research

ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html






This article comes from Ravens PHP Scripts
http://www.ravenphpscripts.com

The URL for this story is:
http://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3785