Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
Database
Search
Advisories by Product
Advisories by Vendor
Terminology
Report Vulnerability
Insecure Library Loading
Highly critical

Google Chrome Multiple Vulnerabilities

-

Release Date:  2013-02-22    Last Update:  2013-03-06    Views:  3,738

Secunia Advisory SA52320

Where:

From remote

Impact:

Unknown, Security Bypass, System access

Solution Status:

Unpatched

CVE Reference(s):

Description


Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

1) An unspecified error related to web audio node can be exploited to corrupt memory.

2) A use-after-free error exists in database handling.

3) An unspecified error exists in Matroska handling.

4) An unspecified error exists related to excessive SVG parameters.

5) An unspecified error exists in Skia.

6) An unspecified error exists due to inappropriate load of NaCl.

7) An unspecified error exists due to incorrect NaCl signal handling.

Note: This vulnerability affects the Mac platform only.

8) An error exists due to the developer tools process having to many permissions and incorrectly placing too much trust in the connected server.

9) An out-of-bounds read error exists in Skia.

10) Some unspecified errors exist due to memory safety issues across the IPC layer.

11) An integer overflow error exists in blob handling.

12) Some unspecified errors exist related to IPC layer.

13) A race condition error exists in media handling.

14) An error related to vorbis decoding can be exploited to cause a buffer overflow.

15) An unspecified error exists due to incorrect path handling in file copying.

Note: This vulnerability affects the Linux and Mac platforms only.

16) Some unspecified errors exist within the memory management in plug-in message handling.

17) A use-after-free error exists in URL handling.

18) An integer overflow error exists in Opus handling.

19) A race condition error exists in ICU.

This is related to:
SA52511

20) An unspecified error exists in the WebKit implementation of MathML.

The vulnerabilities are reported in versions prior to 25.0.1364.97 for Windows and Linux and prior to 25.0.1364.99 for Mac.


Solution:
Upgrade to version 25.0.1364.97 for Windows and Linux and 25.0.1364.99 for Mac.

Provided and/or discovered by:
8, 20) Reported by the vendor.

The vendor credits:
1, 3, 5) Atte Kettunen, OUSPG
2) Chamal de Silva
4) Renata Hodovan
6, 10, 12) Chris Evans, Google Chrome Security Team
7) Mark Seaborn, Chromium development community
9, 14, 19) Inferno, Google Chrome Security Team
11, 15, 18) Jüri Aedla, Google Chrome Security Team
13) Andrew Scherkus, Chromium development community
16) Cris Neckar, Google Chrome Security Team
17) Alexander Potapenko, Chromium development community

Original Advisory:
http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html

Deep Links:
Links available to Secunia VIM customers

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Google Chrome Multiple Vulnerabilities

No posts yet

-

You must be logged in to post a comment.



 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability