Ravens PHP Scripts

Google Chrome Multiple Vulnerabilities
Date: Friday, April 29, 2011 @ 03:17:56 PDT
Topic: Security


SECUNIA ADVISORY ID: SA44375

VERIFY ADVISORY: http://secunia.com/advisories/44375/

CRITICALITY: Highly Critical

RELEASE DATE: 2011-04-29

DESCRIPTION: Some vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, conduct spoofing attacks, and potentially compromise a user's system.



1) An unspecified error related to a stale pointer exists within the handling of floating objects.
2) A linked-list race condition exists within the database handling. Note: This vulnerability only affects the Linux and Mac versions.
3) The MIME handling does not properly ensure thread safety.
4) An extension with "tabs" permission can gain access to local files.
5) An integer overflow error exists within the float rendering.
6) An error related to blobs can be exploited to violate the same origin policy.
7) An unspecified error can be exploited to cause an interference between renderer processes. Note: This vulnerability only affects the Linux version.
8) A use-after-free error exists within the handling of "" tags and CSS.
9) A casting error exists within then handling of floating select lists.
10) An error related to mutation events can be exploited to corrupt node trees.
11) An unspecified error related to stale pointers exists in the layering code.
12) A race condition error exists within the sandbox launcher. Note: This vulnerability only affects the Linux
version.
13) Interrupted loads and navigation errors can be leveraged to spoof the URL bar.
14) An unspecified error related to a stale pointer exists within the handling of drop-down lists.
15) An unspecified error related to a stale pointer exists within the height calculations.
16) A use-after-free error exists within the handling of WebSockets.
17) An error related to dangling pointers exists within the handling of file dialogs.
18) An error related to dangling pointers exists within the handling of DOM id maps.
19) Redirects and manual reloads can be exploited to spoof the URL bar.
20) A use-after-free error exists within the handling of DOM ids.
21) An error related to stale pointers exists within the handling of PDF forms.

SOLUTION: Upgrade to version 11.0.696.57.

PROVIDED AND/OR DISCOVERED BY: The vendor credits:
1) Chromium Development Community (Scott Hess) and Martin Barbella
2) Chromium Development Community (Kostya Serebryany)
3) Aki Helin
4) Cole Snodgrass
5, 14) miaubiz
6, 13, 17) kuzzcc
7) Google Security Team (Julien Tinnes)
8) Jose A. Vazquez
9) Michael Griffiths
10) Sergey Glazunov and wushi, team 509.
11) Martin Barbella
12) Dan Rosenberg
15) wushi, team 509
16) Marek Majkowski
18, 20) Sergey Glazunov
19) Jordi Chancel
21) Chromium Development Community (Eric Roman)

ORIGINAL ADVISORY: Google Chrome: http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html






This article comes from Ravens PHP Scripts
http://www.ravenphpscripts.com

The URL for this story is:
http://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3924