[SingCERT] Security updates for Google Chrome Multiple Vulnerabilities


[ Summary ]

Google has released Google Chrome 20.0.1132.43 for Linux, Mac, Windows and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

[ Affected Systems ]

Google Chrome prior to 20.0.1132.43

[ Impact Analysis ]

Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code or cause a denial-of-service condition.

· Leak of iframe fragment id [CVE-2012-2815].
· Prevent sandboxed processes interfering with each other [CVE-2012-2816].
· Use-after-free in table section handling [CVE-2012-2817].
· Use-after-free in counter layout [CVE-2012-2818].
· Crash in texture handling [CVE-2012-2819].
· Out-of-bounds read in SVG filter handling [CVE-2012-2820].
· Autofill display problem [CVE-2012-2821].
· Misc. lower severity OOB read issues in PDF [CVE-2012-2822].
· Use-after-free in SVG resource handling [CVE-2012-2823].
· Use-after-free in SVG painting [CVE-2012-2824].
· Out-of-bounds read in texture conversion [CVE-2012-2826].
· Use-after-free in Mac UI [CVE-2012-2827].
· Integer overflows in PDF [CVE-2012-2828].
· Use-after-free in first-letter handling [CVE-2012-2829].
· Wild pointer in array value setting [CVE-2012-2830].
· Unqualified load of metro DLL [CVE-2012-2764].
· Use-after-free in SVG reference handling [CVE-2012-2831].
· Uninitialized pointer in PDF image codec [CVE-2012-2832].
· Buffer overflow in PDF JS API [CVE-2012-2833].
· Integer overflow in Matroska container [CVE-2012-2834].
· Wild read in XSL handling [CVE-2012-2825].
· Integer overflows in libxml [CVE-2012-2807].

The above-referenced bugs will be kept private by Google until a majority of users are up to date with the fix.

[ Solution/Workaround ]

Update Google Chrome to version 20.0.1132.43.

[ Reference ]

http://googlechromereleases.blogspot.sg/2012/06/stable-channel-update_26.html

SingCERT