Security Advisory SA42605 - Google Chrome Multiple Vulnerabilities

Secunia

Blog

Secunia Advisory SA42605

Google Chrome Multiple Vulnerabilities

Secunia Advisory

SA42605

Release Date

2010-12-14

Last Update

2010-12-23

Popularity

5,110 views

Comments

2 comments

Criticality level

Highly critical

Impact

Unknown
DoS
System access

Where

From remote

Authentication level

This information is available to Secunia VIM customers

Report reliability

This information is available to Secunia VIM customers

Solution Status

Vendor Patch

Systems affected

This information is available to Secunia VIM customers

Approve distribution

This information is available to Secunia VIM customers

Remediation status

Secunia CSI, Secunia PSI

Automated scanning

Secunia CSI, Secunia PSI

Software:

Google Chrome 8.x

Secunia CVSS Score

This information is available to Secunia VIM Customers

CVE Reference(s)

CVE-2010-4574 CVSS score available to Secunia VIM customers
CVE-2010-4575 CVSS score available to Secunia VIM customers
CVE-2010-4576 CVSS score available to Secunia VIM customers
CVE-2010-4577 CVSS score available to Secunia VIM customers
CVE-2010-4578 CVSS score available to Secunia VIM customers

Description

Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.

1) A validation error when performing message deserialisation can be exploited to cause a crash or potentially corrupt memory.

This vulnerability affects 64-bit builds for Linux only.

2) An unspecified error when parsing Cascading Style Sheets (CSS) can be exploited to trigger an out-of-bounds read.

3) An unspecified error within cursor handling can be exploited to reference stale pointers.

Solution
Update to version 8.0.552.224.

Provided and/or discovered by
The vendor credits:
1) Lei Zhang, Chromium development community
2) Chris Rohlf
3) Slawomir Blazek and Sergey Glazunov

Changelog
Further details available to Secunia VIM customers

Original Advisory
http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html

Deep Links
Links available to Secunia VIM customers

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Google Chrome Multiple Vulnerabilities

User

Message

flyzipper

RE: Google Chrome Multiple Vulnerabilities

11th Jan, 2011 04:46

Score: 0
Posts: 1
User Since: 11th Jan 2011
System Score: N/A
Location: CA
Last edited on 11th Jan, 2011 04:46

The signature/scan for this may need a little tweaking.
The description states, "This vulnerability affects 64-bit builds for Linux only", yet I'm running 64-bit Windows 7 and still receive a warning.

Was this reply relevant?

-0

Anthony Wells

RE: Google Chrome Multiple Vulnerabilities

12th Jan, 2011 21:14

Score: 2324
Posts: 3,203
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

@flyzipper ,

I would read the Linux note as referring to point 1) only and release 8.0.552.224 fixes all 3) noted insecurities , hence your warning .

The subsequent update to version 8.0.552.231 is for Mac only and is a bug fix :-

http://googlechromereleases.blogspot.com/search/la...

Hope that is clearer .

Anthony

--

It always seems impossible until its done.
Nelson Mandela

Was this reply relevant?

-0

Secunia Advisory SA42605

Google Chrome Multiple Vulnerabilities

Do you have additional information related to this advisory?

You must be logged in to post a comment.

Secunia Customer Login

Not a customer already?