
Denial of service in Google Chrome
Vulnerability: Denial of service in Google Chrome
Danger: High
Patch: Yes
Quantity of vulnerabilities: 19
Impact: Security Bypass
System compromise
Affected products: Google Chrome 22.x
Affected versions: Google Chrome versions prior to 23.0.1271.64
CVE ID: CVE-2012-5127, CVE-2012-5120, CVE-2012-5118, CVE-2012-5117, CVE-2012-5119, CVE-2012-5122, CVE-2012-5123, CVE-2012-5124, CVE-2012-5125, CVE-2012-5126, CVE-2012-5128
Description:
Which can be exploited by malicious people to execute arbitrary code on the target system.
1. The vulnerability is caused due to an integer overflow error when processing WebP. Can be exploited to read outside the boundaries of the data.
2. An error in v8. A remote user can access the array outside the boundaries of the data.
Note: The vulnerability only applies to Chrome for 64-x-bit versions of Linux.
3. An error after release of the processing filter SVG. A remote user can execute arbitrary code on the target system.
4. An error checking integer boundaries in command buffer GPU. A remote user can execute arbitrary code on the target system.
Note: The vulnerability only applies to Chrome for Mac OS X.
5. An error after release of the video in the markup. A remote user can execute arbitrary code on the target system.
6. The vulnerability is due to improper loading podresursov SVG in the context of the images. This can be exploited to bypass security restrictions on the target system.
7. An error status of the operation in the processing buffer Pepper. This can be exploited to bypass security restrictions on the target system.
8. An error in the processing of the input data. This can be exploited to bypass security restrictions on the target system.
9. An error in reading beyond the borders of data in Skia. This can be exploited to bypass security restrictions on the target system.
10. An error in the processing of textures. This can be exploited to corrupt memory and execute arbitrary code on the target system.
11. An error after release of the processing extension tabs. This can be exploited to bypass security restrictions on the target system.
12. An error after release of the processing core. This can be exploited to bypass security restrictions on the target system.
13. An error v8. A remote user can execute arbitrary code on the target system.
14. The application contains a vulnerable version of Adobe Flash Player.
Manufacturer URL: http://www.google.com/
Solution: To install the product vulnerabilities version 23.0.1271.64 from the manufacturer.
Links:
http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html