Multiple vulnerabilities in Google Chrome

Posted: September 27, 2012 in Vulnerabilities

Vulnerability: Multiple vulnerabilities in Google Chrome

Danger: High
Patch: Yes
Impact: Cross Site Scripting, Security Bypass, System compromise
Affected products: Google Chrome 21.x
Affected versions: Google Chrome versions prior to 22.c

Number of vulnerabilities: 19
CVE ID:

CVE-2012-2874
CVE-2012-2875
CVE-2012-2876
CVE-2012-2877
CVE-2012-2878
CVE-2012-2879
CVE-2012-2880
CVE-2012-2881
CVE-2012-2882
CVE-2012-2883
CVE-2012-2884
CVE-2012-2885
CVE-2012-2886
CVE-2012-2887
CVE-2012-2888
CVE-2012-2889
CVE-2012-2890
CVE-2012-2891
CVE-2012-2892
CVE-2012-2893
CVE-2012-2894
CVE-2012-2895
CVE-2012-2896

Description:

The vulnerabilities can be exploited by a remote user to execute arbitrary code on the target system.

1. The vulnerability is caused due to insufficient input validation. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

2. The vulnerability is caused due to insufficient input validation. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

3. An error in the processing of plug-ins. A remote user can corrupt the DOM tree.

4. The vulnerability is caused due to SSE2 optimizations. This can be exploited to cause a buffer overflow and execute arbitrary code on the target system.

5. An error in Skia. A remote user can trigger a read beyond the bounds of the data (out-of-bounds read) and execute arbitrary code on the target system.

6. A use-after-free error in onclick processing. A remote user can execute arbitrary code on the target system.

7. A use-after-free error in SVG text links. A remote user can execute arbitrary code on the target system.

8. The vulnerability is caused due to an integer overflow error in WebGL handling.

9. The vulnerability is caused due to an unspecified error. A remote user can corrupt the DOM topology.

10. An error in Skia. A remote user can trigger a read beyond the bounds of the data (out-of-bounds read).

11. An error in the PDF viewer.

12. A use-after-free error in plug-in processing.

13. An error in the processing of the operation state of plug-in paint buffers.

14. An error in the processing of the OGG container. A remote user can cause an invalid pointer to be used.

15. A double-free error.

16. A use-after-free error in the tool for handling PDF documents.

17. The vulnerability is caused due to an unspecified error. This can be exploited to bypass pop-up blocking functionality.

18. A double-free error in XSL transforms.

19. The vulnerability is due to an error in the PDF viewer. This can be exploited to write outside the boundaries of memory.

Manufacturer URL: http://google.com/

Solution: To resolve the vulnerabilities, install product version 22.x from the manufacturer.

Links:

http://googlechromereleases.blogspot.dk/2012/09/stable-channel-update_25.html
