Google Chrome Multiple Vulnerabilities

Posted on Thursday, February 11, 2010 @ 18:15:53 PST in Security
by Raven

SECUNIA ADVISORY ID: SA38545

VERIFY ADVISORY: http://secunia.com/advisories/38545/

Critical: Highly Critical

DESCRIPTION: Some vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, or potentially compromise a user's system. The vulnerabilities are reported in versions prior to 4.0.249.89.

1) Two errors when resolving domain names and when interpreting configured proxy lists can be exploited to disclose potentially sensitive data.
2) Multiple integer overflow errors in the v8 engine can be exploited to potentially execute arbitrary code.
3) An unspecified error in the processing of "<ruby>" tags can be exploited to potentially execute arbitrary code.
4) An error when processing "<iframe>" tags can be exploited to disclose a redirection target.
5) An unspecified error exists when displaying domain names in HTTP authentication dialogs.
6) An integer overflow error when deserializing a sandbox message can be exploited to potentially execute arbitrary code.

SOLUTION: Update to version 4.0.249.89.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Eric Roman and Christopher Eatinger
2, 6) Mark Dowd
3) SkyLined of the Google Chrome Security Team
5) Timothy D. Morgan of Virtual Security Research

ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html
 
 
click Related        click Share
 
 
Associated Topics

Internet
 
News ©

Site Info v2.2.2

Server TrafficServer Traffic
  • Total: 367,065,508
  • Today: 70,893
Server InfoServer Info
  • Sep 18, 2018
  • 10:28 pm PDT
 
 

Daily Inspiration