System compromise in Google Chrome

Posted: November 27, 2012 in Vulnerabilities
Tags: Chrome System compromise, Google Chrome

System compromise

Vulnerability: System compromise in Google Chrome

Danger: High
Patch: Yes
Number of vulnerabilities: 5

CVE ID: CVE-2012-5130
CVE-2012-5131
CVE-2012-5132
CVE-2012-5133
CVE-2012-5134
CVE-2012-5135
CVE-2012-5136

Vector of operation: Remote
Impact: System Compromise

Affected products: Google Chrome 23.x

Affected versions: Google Chrome to version 23.0.1271.91.

Description:

The vulnerability allows a remote user to execute arbitrary code on the target system.

1. An error in the use of post-liberation SVG-filters. This can be exploited to compromise a vulnerable system.

2. An error in reading outside the buffer Skia. This can be exploited to compromise a vulnerable system.

3. An error in LibXML. This can be exploited to compromise a vulnerable system.

4. An error in the use of post-liberation in the exercise of press. This can be exploited to compromise a vulnerable system.

5. An error in determining the type of the variable. This can be exploited to compromise a vulnerable system.

Manufacturer URL: https://www.google.com/intl/ru/chrome/browser/

Solution: Install the latest version 23.0.1271.91 from the manufacturer.

Links:

http://googlechromereleases.blogspot.dk/2012/11/stable-channel-update.html

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

MALWARELIST.net – Your Information Security Source

Security Solutions Deals

Follow Blog via Email

Top 5 Best Blog Posts

Categories

Find us on Facebook