copyright | disclaimer | privacy | contact

HOME   About AusCERT   Membership   Contact Us   PKI Services   Training   Publications   Sec. Bulletins   Conferences   News & Media   Services   Web Log   Site Map   Site Help   Member login Login »  Become a member »   Home » Security Bul... » By Operating... » Windows (all) » Windows Serv... » ASB-2010.0253.2 - UPDATE [Win][Linux][Mac][OSX] Goog...   ASB-2010.0253.2 - UPDATE [Win][Linux][Mac][OSX] Google Chrome prior to 8.0.552.224: Multiple vulnerabilities Date: 22 December 2010 References: ESB-2011.0083  ESB-2011.0287   Related Files: ASB-2010.0253   Click here for printable version -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2010.0253.2 Google have released an update for Chrome, correcting several security vulnerabilities 22 December 2010 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Google Chrome prior to 8.0.552.224 Operating System: Windows Linux variants Mac OS X Impact/Access: Denial of Service -- Remote with User Interaction Reduced Security -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2010-4574 CVE-2010-4575 CVE-2010-4576 CVE-2010-4577 CVE-2010-4578 Member content until: Wednesday, January 19 2011 Revision History: December 22 2010: Added CVE references December 20 2010: Initial Release OVERVIEW Google have released an update for Chrome, correcting several security vulnerabilities. IMPACT The vendor has provided the following information regarding these vulnerabilities: "* [64-bit Linux only] [56449] High Bad validation for message deserialization on 64-bit builds. Credit to Lei Zhang of the Chromium development community. * [60761] Medium Bad extension can cause browser crash in tab handling. Credit to kuzzcc. * [63529] Low Browser crash with NULL pointer in web worker handling. Credit to Nathan Weizenbaum of Google. * [$1000] [63866] Medium Out-of-bounds read in CSS parsing. Credit to Chris Rohlf. * [$1000] [64959] High Stale pointers in cursor handling. Credit to Slawomir Blazek and Sergey Glazunov." [1] MITIGATION The latest version of Google Chrome (currently 8.0.552.224) can be downloaded from the vendor's website. [1] The update can also be applied from within Google Chrome using the built in update feature. REFERENCES [1] Stable, Beta Channel Updates http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iD8DBQFNEXYi/iFOrG6YcBERAr8SAJwMiO+KPnIZs0IGbIFgsySvkaMocACg3UOk w0d/3KUSZtjckU+iP+J59WY= =X6rg -----END PGP SIGNATURE-----

Comments? Click here http://www.auscert.org.au/render.html?cid=9010&it=13753