Multiple vulnerabilities in Google Chrome 12-12-2012

Posted: December 13, 2012 in Vulnerabilities

Vulnerability: Multiple vulnerabilities in Google Chrome

Danger: High
Patch: Yes
Number of vulnerabilities: 9

CVE ID: CVE-2012-5139, CVE-2012-5140, CVE-2012-5141, CVE-2012-5142, CVE-2012-5143, CVE-2012-5144, CVE-2012-5676, CVE-2012-5677, CVE-2012-5678

Attack vector: Remote
Impact: Security Bypass, System compromise

Affected products: Google Chrome 23.x

Affected versions: Google Chrome versions prior to 23.0.1271.97.

Description:

The vulnerabilities allow a remote user to execute arbitrary code on the target system.

1. Several errors in the embedded Adobe Flash Player. These can be exploited to compromise a vulnerable system.

A detailed description of these vulnerabilities is available here:

http://malwarelist.net/2012/12/12/vulnerabilities-in-adobe-flash-player/

2. A use-after-free error in the processing of certain events. This can be exploited to compromise a vulnerable system.

3. A use-after-free error in the URL loader. This can be exploited to compromise a vulnerable system.

4. An error in the Chromoting client module. This can be exploited to bypass certain security restrictions.

5. An error in the navigation history. This can be exploited to compromise a vulnerable system.

6. An integer overflow in the processing of PPAPI image buffers. This can be exploited to bypass certain security restrictions.

7. An error in AAC decoding. This can be exploited to corrupt stack memory and compromise a vulnerable system.

Solution: Update to version 23.0.1271.97 from the vendor.

Links:

http://googlechromereleases.blogspot.dk/2012/12/stable-channel-update.html
