SECUNIA ADVISORY ID: SA38545
VERIFY ADVISORY: http://secunia.com/advisories/38545/
Critical: Highly Critical
DESCRIPTION: Some vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, or potentially compromise a user's system. The vulnerabilities are reported in versions prior to 4.0.249.89.
1) Two errors when resolving domain names and when interpreting configured proxy lists can be exploited to disclose potentially sensitive data.
2) Multiple integer overflow errors in the v8 engine can be exploited to potentially execute arbitrary code.
3) An unspecified error in the processing of "<ruby>" tags can be exploited to potentially execute arbitrary code.
4) An error when processing "<iframe>" tags can be exploited to disclose a redirection target.
5) An unspecified error exists when displaying domain names in HTTP authentication dialogs.
6) An integer overflow error when deserializing a sandbox message can be exploited to potentially execute arbitrary code.
SOLUTION: Update to version 4.0.249.89.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Eric Roman and Christopher Eatinger
2, 6) Mark Dowd
3) SkyLined of the Google Chrome Security Team
5) Timothy D. Morgan of Virtual Security Research
ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html
Google Chrome Multiple VulnerabilitiesPosted on Thursday, February 11, 2010 @ 19:15:53 UTC in Security Associated Topics
 |
Related
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
