Date: 28 November 2012
References: ESB-2012.1123 ESB-2012.1127 ESB-2013.0457.3
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT Security Bulletin
ASB-2012.0164
A number of vulnerabilities have been identified in Google Chrome
28 November 2012
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Google Chrome
Operating System: Windows
OS X
Linux variants
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Denial of Service -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2012-5136 CVE-2012-5135 CVE-2012-5134
CVE-2012-5133 CVE-2012-5132 CVE-2012-5131
CVE-2012-5130
Member content until: Friday, December 28 2012
OVERVIEW
A number of vulnerabilities have been identified in Google Chrome prior
to version 23.0.1271.91.
IMPACT
The vendor has provided the following details regarding these
vulnerabilities:
"[$1000] [152746] High CVE-2012-5131: Corrupt rendering in the Apple
OSX driver for Intel GPUs. Credit to Justin Drake.
[$1000] [156567] High CVE-2012-5133: Use-after-free in SVG filters.
Credit to miaubiz.
[$500] [148638] Medium CVE-2012-5130: Out-of-bounds read in Skia.
Credit to Atte Kettunen of OUSPG.
[155711] Low CVE-2012-5132: Browser crash with chunked encoding.
Credit to Attila Szsz.
[158249] High CVE-2012-5134: Buffer underflow in libxml. Credit to
Google Chrome Security Team (Jri Aedla).
[159165] Medium CVE-2012-5135: Use-after-free with printing. Credit
to Fermin Serna of Google Security Team.
[159829] Medium CVE-2012-5136: Bad cast in input element handling.
Credit to Google Chrome Security Team (Inferno)." [1]
MITIGATION
The vendor recommends updating to the latest version of Google Chrome
to correct this issue. [1]
REFERENCES
[1] Stable Channel Update
http://googlechromereleases.blogspot.nl/search/label/Stable%20updates
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBULV25O4yVqjM2NGpAQIgpg/7Blhej5BAeqgew6dJRHsnkERGoI8VJYmI
Yj0SdV4Z4zhEVMgp+kVYfZkqWA21ND5RwpNyARXBg+OI37qPW7hcxEayvOwoGnRF
LPT6Udqr3f0ngotNdpCd8xkR4ZQEA11WthLYETcHyaheW+qKYNZjBw+K2Xc2O7i4
WZiHfOPYyTcrBL5GT0Sz5ZYtgzqGNT4YiTRv5/ZV7NDXEDgir1Apz2k9Sn/8sbtG
GGORD6B4VRjmpjYy6Cocw6RY02nr4FiQOrb9aM38NBpcbHYxygMW163jci0p8hAp
jvI0uSqSeW1sAQTKtxhdkICOmNLeEHSQEEPRhPxZzbzrrYavrZWIRCalauFQ80Up
Ymgs1rCWoXNhkPTt/vYKPr8m1WmZz1MFSwrpwFiMavO96RkQV79R658k1PdhP8Bp
eVT1sFiU6iFfUNOFwe/6QuOtj7Br1Mk5tmgdJ/izKtV5GMVJueeVzlAxGF/SWBWP
Tmetg4hj/Rt1IQ9ynwOciNL9KZS4tdqeKIrd2uqHUwMTPKuSZzHjsByDBngDUhRF
WJlEhLkwuuucpn6f7NzJym6XocsFbXzOZ1lG94O4nDYEIgOI6UI4L+Sw1EoZnkg9
0KtoFYwBPkY1T9UBoDrMcQLtVX740A7LgQiao2pJuLM7Y7uQ3ozPpj9obC+D3Y4J
d8ggsU9BFf0=
=p+a1
-----END PGP SIGNATURE-----
|