Some vulnerabilities have been reported in Google Chrome. Some have an unknown impact, while others can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, or potentially execute arbitrary code.
1) Some race conditions and pointer errors exist within the sandbox infrastructure.
2) An error exists related to persisted metadata such as Web Databases and STS.
3) The application processes HTTP headers before completing the SafeBrowsing check.
4) A memory error exists related to malformed SVG files.
6) The HTTP basic authentication dialog truncates URLs.
7) An unspecified error can be exploited to bypass the download warning dialog.
8) An unspecified error can be exploited to bypass the cross-origin policy.
9) A use-after-free error in WebKit when handling caption elements can be exploited to potentially execute arbitrary code inside the Chrome sandbox.
Provided and/or discovered by: 9) wushi of team509, reported via iDefense
The vendor credits:
1) Mark Dowd, Google Chrome Security Team contractor
2) Chris Evans of the Google Chrome Security Team and RSnake of ha.ckers.org
3) Mike Dougherty of dotSyntax, LLC.
4) wushi of team509
5) Sergey Glazunov
6) Inferno of the Google Chrome Security Team
7, 8) kuzzcc
Original Advisory: Google: