[SingCERT] Security updates for Google Chrome Multiple Vulnerabilities
- Published on Thursday, 28 June 2012 09:44
[ Summary ]
Google has released Google Chrome 20.0.1132.43 for Linux, Mac, Windows and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
[ Affected Systems ]
Google Chrome prior to 20.0.1132.43
[ Impact Analysis ]
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code or cause a denial-of-service condition.
· Leak of iframe fragment id [CVE-2012-2815].
· Prevent sandboxed processes interfering with each other [CVE-2012-2816].
· Use-after-free in table section handling [CVE-2012-2817].
· Use-after-free in counter layout [CVE-2012-2818].
· Crash in texture handling [CVE-2012-2819].
· Out-of-bounds read in SVG filter handling [CVE-2012-2820].
· Autofill display problem [CVE-2012-2821].
· Misc. lower severity OOB read issues in PDF [CVE-2012-2822].
· Use-after-free in SVG resource handling [CVE-2012-2823].
· Use-after-free in SVG painting [CVE-2012-2824].
· Out-of-bounds read in texture conversion [CVE-2012-2826].
· Use-after-free in Mac UI [CVE-2012-2827].
· Integer overflows in PDF [CVE-2012-2828].
· Use-after-free in first-letter handling [CVE-2012-2829].
· Wild pointer in array value setting [CVE-2012-2830].
· Unqualified load of metro DLL [CVE-2012-2764].
· Use-after-free in SVG reference handling [CVE-2012-2831].
· Uninitialized pointer in PDF image codec [CVE-2012-2832].
· Buffer overflow in PDF JS API [CVE-2012-2833].
· Integer overflow in Matroska container [CVE-2012-2834].
· Wild read in XSL handling [CVE-2012-2825].
· Integer overflows in libxml [CVE-2012-2807].
The above referenced bugs will be kept private by Google until a majority of users are up to date with the fix.
[ Solution/Workaround ]
Update Google Chrome to version 20.0.1132.43.