Date: 26 October 2011
References: ESB-2012.0256 ESB-2012.0257 ESB-2012.0266 ESB-2012.0705
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT Security Bulletin
ASB-2011.0095
A number of vulnerabilities have been identified in Google Chrome
26 October 2011
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Google Chrome
Operating System: UNIX variants (UNIX, Linux, OSX)
Windows
Impact/Access: Denial of Service -- Remote with User Interaction
Cross-site Request Forgery -- Unknown/Unspecified
Provide Misleading Information -- Unknown/Unspecified
Read-only Data Access -- Unknown/Unspecified
Reduced Security -- Unknown/Unspecified
Resolution: Patch/Upgrade
CVE Names: CVE-2011-3891 CVE-2011-3890 CVE-2011-3889
CVE-2011-3888 CVE-2011-3887 CVE-2011-3886
CVE-2011-3885 CVE-2011-3884 CVE-2011-3883
CVE-2011-3882 CVE-2011-3881 CVE-2011-3880
CVE-2011-3879 CVE-2011-3878 CVE-2011-3877
CVE-2011-3876 CVE-2011-3875 CVE-2011-2845
Member content until: Friday, November 25 2011
OVERVIEW
A number of vulnerabilities have been identified in Google Chrome
prior to version 15.0.874.102 [1]
IMPACT
The vendor has provided the following details regarding these
vulnerabilities:
"[$500] [86758] High CVE-2011-2845: URL bar spoof in history handling. Credit to Jordi Chancel.
[88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs. Credit to Jordi Chancel.
[90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of download filenames. Credit to Marc Novak.
[91218] Low CVE-2011-3877: XSS in appcache internals page. Credit to Google Chrome Security Team (Tom Sepez) plus independent discovery by Juho Nurminen.
[94487] Medium CVE-2011-3878: Race condition in worker process initialization. Credit to miaubiz.
[95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs. Credit to Masato Kinugawa.
[95992] Low CVE-2011-3880: Donât permit as a HTTP header delimiter. Credit to Vladimir Vorontsov, ONsec company.
[$12174] [96047] [96885] [98053] [99512] [99750] High CVE-2011-3881: Cross-origin policy violations. Credit to Sergey Glazunov.
[96292] High CVE-2011-3882: Use-after-free in media buffer handling. Credit to Google Chrome Security Team (Inferno).
[$1000] [96902] High CVE-2011-3883: Use-after-free in counter handling. Credit to miaubiz.
[97148] High CVE-2011-3884: Timing issues in DOM traversal. Credit to Brian Ryner of the Chromium development community.
[$6337] [97599] [98064] [98556] [99294] [99880] [100059] High CVE-2011-3885: Stale style bugs leading to use-after-free. Credit to miaubiz.
[$2000] [98773] [99167] High CVE-2011-3886: Out of bounds writes in v8. Credit to Christian Holler.
[$1500] [98407] Medium CVE-2011-3887: Cookie theft with javascript URIs. Credit to Sergey Glazunov.
[$1000] [99138] High CVE-2011-3888: Use-after-free with plug-in and editing. Credit to miaubiz.
[$2000] [99211] High CVE-2011-3889: Heap overflow in Web Audio. Credit to miaubiz.
[99553] High CVE-2011-3890: Use-after-free in video source handling. Credit to Ami Fischman of the Chromium development community.
[100332] High CVE-2011-3891: Exposure of internal v8 functions. Credit to Steven Keuchel of the Chromium development community plus independent discovery by Daniel Divricean."
MITIGATION
The vendor recommends upgrading to the latest version of Google Chrome
to correct these issues. [1]
REFERENCES
[1] Google Chrome Releases update
http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBTqeDe+4yVqjM2NGpAQIWSA/+Mrnp6GXWJAX6AdpV3CuM9CH60tAWecQ7
drzDoFApVwd79+d6ahYK+OUUW3SuNSKIF24/sq8bkGAFQpLIKbmoUuApn43eZlkC
JtSk1sO5EIrKf9Y6v6kA8iTlDn3k3HOMY+arV/iP17LjyM5w7sgp5tpOQm/qZLwa
K12mFxyI2I6wn6v8zIRc/TmYiqPdHFkEUU2ydMNcGIG9bwwBjB5QEMQoU1N2RJuU
6hvqMrMrayyjwWTwbd47qa4kY6Q0k5qM/HW3FGy1F9rSRtUxXlk2nWtx6cc7E3Sx
oh3X74DM3YG3c++U2v8l6q4ZZ/xH+NcTr5wFgyoICf+MIZwURcA9GBnLqliVuGKg
7djKTcY8WIX1LU+xrBBINdeuyOzLjMfhH1CnwuSMrXWvqZ8NlUYfWMHToM97qa5y
ZyEhP+d6AleyGCXWfZ3n1Vps+uvkok+GCEKY0MQ+evbIm+MXY+4jNCpXMgFGQL2d
qIHrx+ihqrhF3wk5x9S21oAcWgks3gwVP4CCDyYaRrHfuoxlIKxXhobwKciM9QuU
erywxtFKlHqpK7GKbnUMc5SGGiyhCNE3dfQp8eMtMl8WfVIADh8Eq10sfp78BE5g
yFDhGsdx4gQ0ZmI2Bh44ihZemBMvLmNrvzFanDmlx3dy/ZVO7EHnFx3B1E0Qcqm6
Iu/k/8i8Uzs=
=kRz+
-----END PGP SIGNATURE-----
|