Google Chrome Multiple Vulnerabilities

Posted on Tuesday, January 26, 2010 @ 22:55:06 CET in Security
by Raven



CRITICAL: Highly Critical

DESCRIPTION: Some vulnerabilities and weaknesses have been reported in Google Chrome, where some have unknown impacts and others can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, or compromise a user's system.

1) A use-after-free error when handling pop-up windows and navigating away from the current site can be exploited to corrupt memory via a specially crafted web page. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in version Other versions may also be affected.
2) An unspecified error can be exploited to bypass the pop-up blocker.
3) A design error in the handling of CSS stylesheets can be exploited to potentially disclose sensitive information from other domains.
4) An unspecified error allows XMLHttpRequests to directories.
5) An unspecified error exists related to escaping characters in shortcuts.
6) Unspecified errors exist related to drawing on canvases, which can corrupt memory.
7) An unspecified error exists during image decoding, which can corrupt memory.
8) An unspecified error exists, which may result in failure to strip "Referer".
9) An unspecified error affects cross-domain access.
10) An unspecified error exists in the deserialisation of bitmaps.

SOLUTION: Upgrade to version

1) Jakob Balle and Carsten Eiram, Secunia Research.
The vendor credits:
2) SkyLined
3) Chris Evans
4) Chromium development community
5) Michal Zalewski and Inferno of
6) Michal Zalewski and SkyLined
7) Robert Swiecki
8) Chromium development community
9) Tokuji Akamine, Symantec Consulting Services
10) Mark Dowd

ORIGINAL ADVISORY: Secunia Research:
click Related        click Share
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 375,181,861
  • Today: 63,071
Server InfoServer Info
  • Jan 18, 2019
  • 11:18 pm CET