Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
1) An unspecified error related to web audio node can be exploited to corrupt memory.
2) A use-after-free error exists in database handling.
3) An unspecified error exists in Matroska handling.
4) An unspecified error exists related to excessive SVG parameters.
5) An unspecified error exists in Skia.
6) An unspecified error exists due to inappropriate load of NaCl.
7) An unspecified error exists due to incorrect NaCl signal handling.
Note: This vulnerability affects the Mac platform only.
8) An error exists due to the developer tools process having to many permissions and incorrectly placing too much trust in the connected server.
9) An out-of-bounds read error exists in Skia.
10) Some unspecified errors exist due to memory safety issues across the IPC layer.
11) An integer overflow error exists in blob handling.
12) Some unspecified errors exist related to IPC layer.
13) A race condition error exists in media handling.
14) An error related to vorbis decoding can be exploited to cause a buffer overflow.
15) An unspecified error exists due to incorrect path handling in file copying.
Note: This vulnerability affects the Linux and Mac platforms only.
16) Some unspecified errors exist within the memory management in plug-in message handling.
17) A use-after-free error exists in URL handling.
18) An integer overflow error exists in Opus handling.
20) An unspecified error exists in the WebKit implementation of MathML.
The vulnerabilities are reported in versions prior to 25.0.1364.97 for Windows and Linux and prior to 25.0.1364.99 for Mac.
Solution: Upgrade to version 25.0.1364.97 for Windows and Linux and 25.0.1364.99 for Mac.
Provided and/or discovered by: 8, 20) Reported by the vendor.
The vendor credits:
1, 3, 5) Atte Kettunen, OUSPG
2) Chamal de Silva
4) Renata Hodovan
6, 10, 12) Chris Evans, Google Chrome Security Team
7) Mark Seaborn, Chromium development community
9, 14, 19) Inferno, Google Chrome Security Team
11, 15, 18) Jüri Aedla, Google Chrome Security Team
13) Andrew Scherkus, Chromium development community
16) Cris Neckar, Google Chrome Security Team
17) Alexander Potapenko, Chromium development community
Original Advisory: http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: Google Chrome Multiple Vulnerabilities
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.