Denial of service in Google Chrome

Posted: November 8, 2012 in Vulnerabilities
Tags: , , ,

Google Chrome

Denial of service in Google Chrome

Vulnerability: Denial of service in Google Chrome

Danger: High
Patch: Yes
Quantity of vulnerabilities: 19

Impact: Security Bypass
System compromise

Affected products: Google Chrome 22.x

Affected versions: Google Chrome versions prior to 23.0.1271.64

CVE ID: CVE-2012-5127, CVE-2012-5120, CVE-2012-5118, CVE-2012-5117, CVE-2012-5119, CVE-2012-5122, CVE-2012-5123, CVE-2012-5124, CVE-2012-5125, CVE-2012-5126, CVE-2012-5128

Description:

Which can be exploited by malicious people to execute arbitrary code on the target system.

1. The vulnerability is caused due to an integer overflow error when processing WebP. Can be exploited to read outside the boundaries of the data.

2. An error in v8. A remote user can access the array outside the boundaries of the data.

Note: The vulnerability only applies to Chrome for 64-x-bit versions of Linux.

3. An error after release of the processing filter SVG. A remote user can execute arbitrary code on the target system.

4. An error checking integer boundaries in command buffer GPU. A remote user can execute arbitrary code on the target system.

Note: The vulnerability only applies to Chrome for Mac OS X.

5. An error after release of the video in the markup. A remote user can execute arbitrary code on the target system.

6. The vulnerability is due to improper loading podresursov SVG in the context of the images. This can be exploited to bypass security restrictions on the target system.

7. An error status of the operation in the processing buffer Pepper. This can be exploited to bypass security restrictions on the target system.

8. An error in the processing of the input data. This can be exploited to bypass security restrictions on the target system.

9. An error in reading beyond the borders of data in Skia. This can be exploited to bypass security restrictions on the target system.

10. An error in the processing of textures. This can be exploited to corrupt memory and execute arbitrary code on the target system.

11. An error after release of the processing extension tabs. This can be exploited to bypass security restrictions on the target system.

12. An error after release of the processing core. This can be exploited to bypass security restrictions on the target system.

13. An error v8. A remote user can execute arbitrary code on the target system.

14. The application contains a vulnerable version of Adobe Flash Player.

Manufacturer URL: http://www.google.com/

Solution: To install the product vulnerabilities version 23.0.1271.64 from the manufacturer.

Links:

http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s