Some vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to conduct cross-site request forgery and cross-site scripting attacks or potentially compromise a user's system.
1) An unspecified error exists in the type handling related to forms.
2) An unspecified error in the handling of HTTP requests can potentially be exploited to conduct cross-site request forgery attacks.
3) An unspecified error exists related to local file references through developer tools.
4) An unspecified error related to "chrome://net-internals" can be exploited to conduct cross-site scripting attacks.
5) An unspecified error related to "chrome://downloads" can be exploited to conduct cross-site scripting attacks.
6) An unspecified error may cause pages to load with privileges of the "New Tab" page.
7) An unspecified error in V8 bindings can be exploited to corrupt memory.
Solution: Update to version 18.104.22.1689.
Provided and/or discovered by: The vendor credits:
2) Meder Kydyraliev
3 - 5) Robert Swiecki, Tavis Ormandy
7) kuzzcc, SkyLined, Michal Zalewski
Original Advisory: http://googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.html
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org