===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2012.0132
     A number of vulnerabilities have been identified in Google Chrome
                             27 September 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Google Chrome
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact/Access:        Denial of Service               -- Remote with User Interaction
                      Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Reduced Security                -- Remote with User Interaction
                      Access Confidential Data        -- Remote with User Interaction
                      Cross-site Scripting            -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2012-2897 CVE-2012-2896 CVE-2012-2895
                      CVE-2012-2894 CVE-2012-2893 CVE-2012-2892
                      CVE-2012-2891 CVE-2012-2890 CVE-2012-2889
                      CVE-2012-2888 CVE-2012-2887 CVE-2012-2886
                      CVE-2012-2885 CVE-2012-2884 CVE-2012-2883
                      CVE-2012-2882 CVE-2012-2881 CVE-2012-2880
                      CVE-2012-2879 CVE-2012-2878 CVE-2012-2877
                      CVE-2012-2876 CVE-2012-2875 CVE-2012-2874
Member content until: Saturday, October 27 2012

OVERVIEW

        A number of vulnerabilities have been identified in Google Chrome
        prior to version 22.0.1229.79.


IMPACT

        The vendor has provided the following details regarding these 
        vulnerabilities:
        
        "[$5000] [146254] Critical CVE-2012-2897: Windows kernel memory 
         corruption.
         [$10000] [143439] High CVE-2012-2889: UXSS in frame handling. Credit 
         to Sergey Glazunov.
         [$5000] [143437] High CVE-2012-2886: UXSS in v8 bindings. Credit to 
         Sergey Glazunov.
         [$2000] [139814] High CVE-2012-2881: DOM tree corruption with 
         plug-ins. Credit to Chamal de Silva.
         [$1000] [135432] High CVE-2012-2876: Buffer overflow in SSE2 
         optimizations. Credit to Atte Kettunen of OUSPG.
         [$1000] [140803] High CVE-2012-2883: Out-of-bounds write in Skia. 
         Credit to Atte Kettunen of OUSPG.
         [$1000] [143609] High CVE-2012-2887: Use-after-free in onclick 
         handling. Credit to Atte Kettunen of OUSPG.
         [$1000] [143656] High CVE-2012-2888: Use-after-free in SVG text 
         references. Credit to miaubiz.
         [$1000] [144899] High CVE-2012-2894: Crash in graphics context 
         handling. Credit to Sławomir Błażek.
         [Mac only] [$1000] [145544] High CVE-2012-2896: Integer overflow in 
         WebGL. Credit to miaubiz.
         [$500] [137707] Medium CVE-2012-2877: Browser crash with extensions 
         and modal dialogs. Credit to Nir Moshe.
         [$500] [139168] Low CVE-2012-2879: DOM topology corruption. Credit to 
         pawlkt.
         [$500] [141651] Medium CVE-2012-2884: Out-of-bounds read in Skia. 
         Credit to Atte Kettunen of OUSPG.
         [132398] High CVE-2012-2874: Out-of-bounds write in Skia. Credit to 
         Google Chrome Security Team (Inferno).
         [134955] [135488] [137106] [137288] [137302] [137547] [137556] 
         [137606] [137635] [137880] [137928] [144579] [145079] [145121] 
         [145163] [146462] Medium CVE-2012-2875: Various lower severity issues 
         in the PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, 
         with contributions by Gynvael Coldwind of Google Security Team.
         [137852] High CVE-2012-2878: Use-after-free in plug-in handling. 
         Credit to Fermin Serna of Google Security Team.
         [139462] Medium CVE-2012-2880: Race condition in plug-in paint 
         buffer. Credit to Google Chrome Security Team (Cris Neckar).
         [140647] High CVE-2012-2882: Wild pointer in OGG container handling. 
         Credit to Google Chrome Security Team (Inferno).
         [142310] Medium CVE-2012-2885: Possible double free on exit. Credit 
         to the Chromium development community.
         [143798] [144072] [147402] High CVE-2012-2890: Use-after-free in PDF 
         viewer. Credit to Mateusz Jurczyk of Google Security Team, with 
         contributions by Gynvael Coldwind of Google Security Team.
         [144051] Low CVE-2012-2891: Address leak over IPC. Credit to Lei 
         Zhang of the Chromium development community.
         [144704] Low CVE-2012-2892: Pop-up block bypass. Credit to Google 
         Chrome Security Team (Cris Neckar).
         [144799] High CVE-2012-2893: Double free in XSL transforms. Credit to 
         Google Chrome Security Team (Cris Neckar).
         [145029] [145157] [146460] High CVE-2012-2895: Out-of-bounds writes in 
         PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with 
         contributions by Gynvael Coldwind of Google Security Team." [1]


MITIGATION

        The vendor recommends updating Chrome to the latest version to correct
        these issues.
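
        An added example, not part of the AusCERT bulletin or the vendor's
        text: a Python check that flags Chrome installs older than
        22.0.1229.79 by comparing version components numerically, since plain
        string comparison misorders values such as 22.0.1229.9 and
        22.0.1229.100. The host names and version strings in SAMPLE are
        constructed for illustration.

```python
import re

# First fixed version, taken from the OVERVIEW section of the bulletin.
FIXED = (22, 0, 1229, 79)

# Four dot-separated numeric components, not embedded in a longer dotted number.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the four-part version found in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_vulnerable(text, fixed=FIXED):
    """True if older than fixed, False if not, None if no version was found."""
    version = parse_version(text)
    return None if version is None else version < fixed


def triage(inventory):
    """Split {host: version string} into hosts to upgrade, current, and unknown."""
    result = {"upgrade": [], "ok": [], "unknown": []}
    for host, text in sorted(inventory.items()):
        verdict = is_vulnerable(text)
        key = "unknown" if verdict is None else ("upgrade" if verdict else "ok")
        result[key].append(host)
    return result


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = {
    "ws-01": "Google Chrome 21.0.1180.89",
    "ws-02": "Google Chrome 22.0.1229.79",
    "ws-03": "Google Chrome 22.0.1229.9 beta",   # a string compare would call this current
    "ws-04": "Google Chrome 22.0.1229.100",      # a string compare would call this outdated
    "ws-05": "not installed",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(status, hosts)
```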


REFERENCES

        [1] Stable Channel Update
            http://googlechromereleases.blogspot.dk/2012/09/stable-channel-update_25.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================