Date: 28 June 2012
References: ESB-2012.0705 ESB-2012.0737 ESB-2012.0874 ESB-2012.0885 ESB-2012.0894 ESB-2012.0898 ESB-2012.0900 ESB-2013.0116 ESB-2013.0143.5 ESB-2013.0391
===========================================================================
AUSCERT Security Bulletin
ASB-2012.0096
A number of vulnerabilities have been identified in Google Chrome
28 June 2012
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product:           Google Chrome
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service -- Remote with User Interaction
                   Access Confidential Data -- Remote with User Interaction
                   Reduced Security -- Unknown/Unspecified
Resolution:        Patch/Upgrade
CVE Names:         CVE-2012-2834 CVE-2012-2833 CVE-2012-2832
                   CVE-2012-2831 CVE-2012-2830 CVE-2012-2829
                   CVE-2012-2828 CVE-2012-2827 CVE-2012-2826
                   CVE-2012-2825 CVE-2012-2824 CVE-2012-2823
                   CVE-2012-2822 CVE-2012-2821 CVE-2012-2820
                   CVE-2012-2819 CVE-2012-2818 CVE-2012-2817
                   CVE-2012-2816 CVE-2012-2815 CVE-2012-2807
                   CVE-2012-2764
Member content until: Saturday, July 28 2012
OVERVIEW
A number of vulnerabilities have been identified in Google Chrome prior
to 20.0.1132.43.[1]
IMPACT
The following information is available on Google's website:
"[118633] Low CVE-2012-2815: Leak of iframe fragment id. Credit to
Elie Bursztein of Google.
[Windows only] [119150] [119250] High CVE-2012-2816: Prevent sandboxed
processes interfering with each other. Credit to Google Chrome Security
Team (Justin Schuh).
[$1000] [120222] High CVE-2012-2817: Use-after-free in table section
handling. Credit to miaubiz.
[$1000] [120944] High CVE-2012-2818: Use-after-free in counter layout.
Credit to miaubiz.
[120977] High CVE-2012-2819: Crash in texture handling. Credit to Ken
'gets' Russell of the Chromium development community.
[121926] Medium CVE-2012-2820: Out-of-bounds read in SVG filter
handling. Credit to Atte Kettunen of OUSPG.
[122925] Medium CVE-2012-2821: Autofill display problem. Credit to
simonbrown60.
[various] Medium CVE-2012-2822: Misc. lower severity OOB read issues
in PDF. Credit to awesome ASAN and various Googlers (Kostya Serebryany,
Evgeniy Stepanov, Mateusz Jurczyk, Gynvael Coldwind).
[$1000] [124356] High CVE-2012-2823: Use-after-free in SVG resource
handling. Credit to miaubiz.
[$1000] [125374] High CVE-2012-2824: Use-after-free in SVG painting.
Credit to miaubiz.
[128688] Medium CVE-2012-2826: Out-of-bounds read in texture
conversion. Credit to Google Chrome Security Team (Inferno).
[Mac only] [129826] Low CVE-2012-2827: Use-after-free in Mac UI. Credit
to the Chromium development community (Dharani Govindan).
[129857] High CVE-2012-2828: Integer overflows in PDF. Credit to
Mateusz Jurczyk of Google Security Team and Google Chrome Security Team
(Chris Evans).
[$1000] [129947] High CVE-2012-2829: Use-after-free in first-letter
handling. Credit to miaubiz.
[$1000] [129951] High CVE-2012-2830: Wild pointer in array value
setting. Credit to miaubiz.
[Windows only] [130276] Low CVE-2012-2764: Unqualified load of metro
DLL. Credit to Moshe Zioni of Comsec Consulting.
[$1000] [130356] High CVE-2012-2831: Use-after-free in SVG reference
handling. Credit to miaubiz.
[131553] High CVE-2012-2832: Uninitialized pointer in PDF image codec.
Credit to Mateusz Jurczyk of Google Security Team.
[132156] High CVE-2012-2833: Buffer overflow in PDF JS API. Credit to
Mateusz Jurczyk of Google Security Team.
[$1000] [132779] High CVE-2012-2834: Integer overflow in Matroska
container. Credit to Jüri Aedla.
[$500] [127417] Medium CVE-2012-2825: Wild read in XSL handling. Credit
to Nicholas Gregoire.
[64-bit Linux only] [$3000] [129930] High CVE-2012-2807: Integer
overflows in libxml. Credit to Jüri Aedla."[1]
MITIGATION
Users should update to the latest version of Chrome.[1]
REFERENCES
[1] Stable Channel Update
http://googlechromereleases.blogspot.com.au/search/label/Stable%20updates
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================