
Vulnerabilities in Google Chrome
Vulnerability: Multiple vulnerabilities in Google Chrome
Severity: High
Patch: Yes
Number of vulnerabilities: 9
CVE ID: CVE-2012-5139, CVE-2012-5140, CVE-2012-5141, CVE-2012-5142, CVE-2012-5143, CVE-2012-5144, CVE-2012-5676, CVE-2012-5677, CVE-2012-5678
Attack vector: Remote
Impact: Security Bypass, System compromise
Affected products: Google Chrome 23.x
Affected versions: Google Chrome versions prior to 23.0.1271.97.
Description:
The vulnerabilities allow a remote user to execute arbitrary code on the target system.
1. Errors in the embedded Adobe Flash Player. These can be exploited to compromise a vulnerable system.
A detailed description of these vulnerabilities is available here:
https://malwarelist.net/2012/12/12/vulnerabilities-in-adobe-flash-player/
2. A use-after-free error in the processing of certain events. This can be exploited to compromise a vulnerable system.
3. A use-after-free error in the URL loader. This can be exploited to compromise a vulnerable system.
4. An error in the Chromoting client module. This can be exploited to bypass certain security restrictions.
5. An error in the navigation history. This can be exploited to compromise a vulnerable system.
6. An integer overflow in the processing of PPAPI image buffers. This can be exploited to bypass certain security restrictions.
7. An error in AAC decoding. This can be exploited to corrupt stack memory and compromise a vulnerable system.
Solution: Install the latest version, 23.0.1271.97, from the vendor.
Links:
http://googlechromereleases.blogspot.dk/2012/12/stable-channel-update.html