
Secunia Security Advisory 46049

Posted Nov 14, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue and some vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to conduct spoofing and cross-site scripting attacks, disclose sensitive information, bypass certain security restrictions, and compromise a user's system.

tags | advisory, spoof, vulnerability, xss
SHA-256 | a700661576d842a375d9e3904f9b62f436177c747e5c689987bf1e3bffefbd78

----------------------------------------------------------------------


TITLE:
Google Chrome Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA46049

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46049/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46049

RELEASE DATE:
2011-09-19

DISCUSS ADVISORY:
http://secunia.com/advisories/46049/#comments

DESCRIPTION:
A security issue and some vulnerabilities have been reported in
Google Chrome, where some have an unknown impact and others can be
exploited by malicious people to conduct spoofing and cross-site
scripting attacks, disclose sensitive information, bypass certain
security restrictions, and compromise a user's system.

1) A race condition exists within the certificate cache.

2) An error within the Windows Media Player plugin can lead to
unintended access to system Flash.

3) An error exists within the v8 script object wrappers.

4) An unspecified error can be exploited to display arbitrary content
while showing the URL of a trusted web site in the address bar.

5) An error in the garbage collection component of the PDF plugin can
be exploited to corrupt memory.

6) The security issue is caused by the Mac installer creating
lock files in an insecure manner.

NOTE: This only affects the Mac version.

7) An error within media buffers can be exploited to cause an
out-of-bounds read.

8) A use-after-free error exists within unload event handling.

9) A use-after-free error exists within the document loader.

10) An unspecified error when handling the forward button can be
exploited to display arbitrary content while showing the URL of a
trusted web site in the address bar.

11) An error within box handling can be exploited to cause an
out-of-bounds read.

12) An error within the handling of Khmer characters can be exploited
to cause an out-of-bounds read.

13) An error within video handling can be exploited to cause an
out-of-bounds read.

14) An off-by-one error exists within v8.

15) A use-after-free error exists within the plug-in handler.

16) A use-after-free error exists within ruby and table style
handling.

17) An error within stylesheet handling can lead to a stale node.

18) An unspecified error within v8 can be exploited to violate the
cross-origin policy.

19) A use-after-free error exists within the focus controller.

20) A double free error exists within the handling of libxml XPath.

21) An unspecified error can lead to incorrect permissions being
assigned to non-gallery pages.

22) A use-after-free error exists within table style handling.

23) An error within the PDF component can lead to a bad string read.

24) An unspecified error can lead to unintended access of v8 built-in
objects.

25) An error when handling Tibetan characters can be exploited to
cause an out-of-bounds read.

26) An error when handling triangle arrays can be exploited to cause
an out-of-bounds read.

27) A type confusion error exists within v8 object sealing.

SOLUTION:
Upgrade to version 14.0.835.163.

PROVIDED AND/OR DISCOVERED BY:
5) Mario Gomes (C4SS!0 G0M3S).
10) Jordi Chancel.

The vendor credits:
1) Ryan Sleevi, Chromium development community.
2) electronixtar.
3, 7) Kostya Serebryany, Chromium development community.
4) kuzzcc.
6) Aaron Sigel, vtty.com.
8, 17) Arthur Gerkis.
9, 11, 12, 19, 22) miaubiz.
13, 25, 26) Inferno, Google Chrome Security Team.
14, 27) Christian Holler.
15) SkyLined, Google Chrome Security Team.
16) Slawomir Blazek, miaubiz, and Inferno, Google Chrome Security
Team.
18) Daniel Divricean.
20) Yang Dingning, NCNIPC, Graduate University of Chinese Academy of
Sciences.
21) Bernhard 'Bruhns' Brehm, Recurity Labs.
23) Aki Helin, OUSPG.
24) Sergey Glazunov.

ORIGINAL ADVISORY:
Google:
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html

Jordi Chancel:
http://www.alternativ-testing.fr/blog/index.php?post/2011/Google-Chrome-Webkit-URL-Bar-Spoofing-SSL/TLS-Spoofing

Mario Gomes:
http://net-fuzzer.blogspot.com/2011/10/google-chrome-140835163-pdf-file.html

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
private users keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------
