Date: 16 May 2012
References: ESB-2012.0492 ESB-2012.0519 ESB-2012.0521 ESB-2012.0705 ESB-2012.0874 ESB-2012.0894 ESB-2012.0898 ESB-2013.0143.5
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT Security Bulletin
ASB-2012.0073
A number of vulnerabilities have been identified in Google Chrome
16 May 2012
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product:           Google Chrome
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service -- Remote with User Interaction
                   Provide Misleading Information -- Remote with User Interaction
                   Unauthorised Access -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2011-3102 CVE-2011-3101 CVE-2011-3100
                   CVE-2011-3099 CVE-2011-3098 CVE-2011-3097
                   CVE-2011-3096 CVE-2011-3095 CVE-2011-3094
                   CVE-2011-3093 CVE-2011-3092 CVE-2011-3091
                   CVE-2011-3090 CVE-2011-3089 CVE-2011-3088
                   CVE-2011-3087 CVE-2011-3086 CVE-2011-3085
                   CVE-2011-3084 CVE-2011-3083
Member content until: Friday, June 15 2012
OVERVIEW
A number of vulnerabilities have been identified in Google Chrome prior
to Chrome 19. [1]
IMPACT
Google has provided the following information:
"[112983] Low CVE-2011-3083: Browser crash with video + FTP. Credit to
Aki Helin of OUSPG.
[113496] Low CVE-2011-3084: Load links from internal pages in their own
process. Credit to Brett Wilson of the Chromium development community.
[118374] Medium CVE-2011-3085: UI corruption with long autofilled
values. Credit to psaldorn.
[$1000] [118642] High CVE-2011-3086: Use-after-free with style element.
Credit to Arthur Gerkis.
[118664] Low CVE-2011-3087: Incorrect window navigation. Credit to
Charlie Reis of the Chromium development community.
[$500] [120648] Medium CVE-2011-3088: Out-of-bounds read in hairline
drawing. Credit to Aki Helin of OUSPG.
[$1000] [120711] High CVE-2011-3089: Use-after-free in table handling.
Credit to miaubiz.
[$500] [121223] Medium CVE-2011-3090: Race condition with workers.
Credit to Arthur Gerkis.
[121734] High CVE-2011-3091: Use-after-free with indexed DB. Credit to
Google Chrome Security Team (Inferno).
[$1000] [122337] High CVE-2011-3092: Invalid write in v8 regex. Credit
to Christian Holler.
[$500] [122585] Medium CVE-2011-3093: Out-of-bounds read in glyph
handling. Credit to miaubiz.
[122586] Medium CVE-2011-3094: Out-of-bounds read in Tibetan handling.
Credit to miaubiz.
[$1000] [123481] High CVE-2011-3095: Out-of-bounds write in OGG
container. Credit to Hannu Heikkinen.
[Linux only] [123530] Low CVE-2011-3096: Use-after-free in GTK omnibox
handling. Credit to Arthur Gerkis.
[123733] [124182] High CVE-2011-3097: Out-of-bounds write in sampled
functions with PDF. Credit to Kostya Serebryany of Google and Evgeniy
Stepanov of Google.
[Windows only] [124216] Low CVE-2011-3098: Bad search path for Windows
Media Player plug-in. Credit to Haifei Li of Microsoft and MSVR
(MSVR:159).
[124479] High CVE-2011-3099: Use-after-free in PDF with corrupt font
encoding name. Credit to Mateusz Jurczyk of Google Security Team and
Gynvael Coldwind of Google Security Team.
[124652] Medium CVE-2011-3100: Out-of-bounds read drawing dash paths.
Credit to Google Chrome Security Team (Inferno).
[Linux only] [$500] [118970] Medium CVE-2011-3101: Work around Linux
Nvidia driver bug. Credit to Aki Helin of OUSPG.
[$1500] [125462] High CVE-2011-3102: Off-by-one out-of-bounds write in
libxml. Credit to Jüri Aedla." [1]
MITIGATION
Users should upgrade to Chrome 19. [1]
REFERENCES
[1] Stable Channel Update
http://googlechromereleases.blogspot.com.au/search/label/Stable%20updates
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----