Multiple vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

1) The application bundles a vulnerable version of the Adobe Flash player.

For more information:
SA46818

2) A double free error exists in the Theora decoder.

3) Some errors in the MKV and Vorbis media handlers can be exploited to perform an out of bounds read.

4) An error due to a regression within the VP8 decoding functionality can be exploited to corrupt memory.

5) An error in the Vorbis decoder can be exploited to cause a heap-based buffer overflow.

6) An error in the shader variable mapping can be exploited to cause a buffer overflow.

7) A use-after-free error when attempting to replace a certain element due to a HTML5 "ContentEditable" command can be exploited to dereference already freed memory.

8) The application fails to ask for permission when running some JRE7 applets.

Solution
Update to version 15.0.874.120.

Provided and/or discovered by
7) pa_kt via ZDI.
8) Chris Evans, Google Chrome Security Team.

The vendor also credits:
2, 3, 5) Aki Helin, OUSPG.
4) Andrew Scherkus, Chromium development community.
6) Ken “strcpy” Russell, Chromium development community.

Changelog
Further details available to Secunia VIM customers

Original Advisory
Google:
http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-12-147/

Other references
Further details available to Secunia VIM customers

Deep Links
Links available to Secunia VIM customers