-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                              ASB-2010.0253.2
           Google have released an update for Chrome, correcting
                     several security vulnerabilities
                             22 December 2010

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Google Chrome prior to 8.0.552.224
Operating System:     Windows
                      Linux variants
                      Mac OS X
Impact/Access:        Denial of Service -- Remote with User Interaction
                      Reduced Security  -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2010-4574 CVE-2010-4575 CVE-2010-4576
                      CVE-2010-4577 CVE-2010-4578 
Member content until: Wednesday, January 19 2011

Revision History:     December 22 2010: Added CVE references
                      December 20 2010: Initial Release

OVERVIEW

        Google have released an update for Chrome, correcting several security 
        vulnerabilities.


IMPACT

        The vendor has provided the following information regarding these
        vulnerabilities:
        
        "* [64-bit Linux only] [56449] High Bad validation for message 
           deserialization on 64-bit builds. Credit to Lei Zhang of the 
           Chromium development community.
         * [60761] Medium Bad extension can cause browser crash in tab 
           handling. Credit to kuzzcc.
         * [63529] Low Browser crash with NULL pointer in web worker handling. 
           Credit to Nathan Weizenbaum of Google.
         * [$1000] [63866] Medium Out-of-bounds read in CSS parsing. Credit 
           to Chris Rohlf.
         * [$1000] [64959] High Stale pointers in cursor handling. Credit to 
           Slawomir Blazek and Sergey Glazunov." [1]


MITIGATION

        The latest version of Google Chrome (currently 8.0.552.224) can be
        downloaded from the vendor's website. [1]
                                                                                                
        The update can also be applied from within Google Chrome using 
        the built in update feature.


REFERENCES

        [1] Stable, Beta Channel Updates
            http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iD8DBQFNEXYi/iFOrG6YcBERAr8SAJwMiO+KPnIZs0IGbIFgsySvkaMocACg3UOk
w0d/3KUSZtjckU+iP+J59WY=
=X6rg
-----END PGP SIGNATURE-----