===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2013.0005
     A number of vulnerabilities have been identified in Google Chrome
                              11 January 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Google Chrome
Operating System:     Linux variants
                      Mac OS
                      Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
                      Access Confidential Data        -- Remote with User Interaction
                      Unauthorised Access             -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2013-0838 CVE-2013-0837 CVE-2013-0836
                      CVE-2013-0835 CVE-2013-0834 CVE-2013-0833
                      CVE-2013-0832 CVE-2013-0831 CVE-2013-0830
                      CVE-2013-0829 CVE-2013-0828 CVE-2012-5157
                      CVE-2012-5156 CVE-2012-5155 CVE-2012-5154
                      CVE-2012-5153 CVE-2012-5152 CVE-2012-5151
                      CVE-2012-5150 CVE-2012-5149 CVE-2012-5148
                      CVE-2012-5147 CVE-2012-5146 CVE-2012-5145
Member content until: Sunday, February 10 2013

OVERVIEW

        A number of vulnerabilities have been identified in Google Chrome
        prior to version 24.0.1312.52.


IMPACT

        The vendor has provided the following details regarding these 
        vulnerabilities:
        
        "[$1000] [162494] High CVE-2012-5145: Use-after-free in SVG layout. 
        Credit to Atte Kettunen of OUSPG.
        
        [$4000] [165622] High CVE-2012-5146: Same origin policy bypass with 
        malformed URL. Credit to Erling A Ellingsen and Subodh Iyengar, both 
        of Facebook.
        
        [$1000] [165864] High CVE-2012-5147: Use-after-free in DOM handling. 
        Credit to José A. Vázquez.
        
        [167122] Medium CVE-2012-5148: Missing filename sanitization in 
        hyphenation support. Credit to Google Chrome Security Team (Justin 
        Schuh).
        
        [166795] High CVE-2012-5149: Integer overflow in audio IPC handling. 
        Credit to Google Chrome Security Team (Chris Evans).
        
        [165601] High CVE-2012-5150: Use-after-free when seeking video. Credit 
        to Google Chrome Security Team (Inferno).
        
        [165538] High CVE-2012-5151: Integer overflow in PDF JavaScript. 
        Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, 
        both of Google Security Team.
        
        [165430] Medium CVE-2012-5152: Out-of-bounds read when seeking video. 
        Credit to Google Chrome Security Team (Inferno).
        
        [164565] High CVE-2012-5153: Out-of-bounds stack access in v8. Credit 
        to Andreas Rossberg of the Chromium development community.
        
        [Windows only] [164490] Low CVE-2012-5154: Integer overflow in shared 
        memory allocation. Credit to Google Chrome Security Team (Chris Evans).
        
        [Mac only] [163208] Medium CVE-2012-5155: Missing Mac sandbox for 
        worker processes. Credit to Google Chrome Security Team (Julien 
        Tinnes).
        
        [162778] High CVE-2012-5156: Use-after-free in PDF fields. Credit to 
        Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of 
        Google Security Team.
        
        [162776] [162156] Medium CVE-2012-5157: Out-of-bounds reads in PDF 
        image handling. Credit to Mateusz Jurczyk, with contribution from 
        Gynvael Coldwind, both of Google Security Team.
        
        [162153] High CVE-2013-0828: Bad cast in PDF root handling. Credit to 
        Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of 
        Google Security Team.
        
        [162114] High CVE-2013-0829: Corruption of database metadata leading 
        to incorrect file access. Credit to Google Chrome Security Team (Jüri 
        Aedla).
        
        [Windows only] [162066] Low CVE-2013-0830: Missing NUL termination in 
        IPC. Credit to Google Chrome Security Team (Justin Schuh).
        
        [161836] Low CVE-2013-0831: Possible path traversal from extension 
        process. Credit to Google Chrome Security Team (Tom Sepez).
        
        [160380] Medium CVE-2013-0832: Use-after-free with printing. Credit to 
        Google Chrome Security Team (Cris Neckar).
        
        [154485] Medium CVE-2013-0833: Out-of-bounds read with printing. 
        Credit to Google Chrome Security Team (Cris Neckar).
        
        [154283] Medium CVE-2013-0834: Out-of-bounds read with glyph handling. 
        Credit to Google Chrome Security Team (Cris Neckar).
        
        [152921] Low CVE-2013-0835: Browser crash with geolocation. Credit to 
        Arthur Gerkis.
        
        [150545] High CVE-2013-0836: Crash in v8 garbage collection. Credit to 
        Google Chrome Security Team (Cris Neckar).
        
        [145363] Medium CVE-2013-0837: Crash in extension tab handling. Credit 
        to Tom Nielsen.
        
        [Linux only] [143859] Low CVE-2013-0838: Tighten permissions on shared 
        memory segments. Credit to Google Chrome Security Team (Chris 
        Palmer)." [1]


MITIGATION

        The vendor recommends updating Chrome to the latest version to correct
        these issues.


REFERENCES

        [1] Stable Channel Update
            http://googlechromereleases.blogspot.com.au/2013/01/stable-channel-update.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================