Australia's Leading Computer Emergency Response Team

ASB-2013.0047 - [Win][Linux][OSX] Google Chrome: Multiple vulnerabilities
Date: 27 March 2013
Original URL: http://www.auscert.org.au/render.html?cid=10415&it=17269

Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2013.0047
     A number of vulnerabilities have been identified in Google Chrome
                               27 March 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Google Chrome
Operating System:     Windows
                      OS X
                      Linux variants
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
                      Access Confidential Data        -- Remote with User Interaction
                      Reduced Security                -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2013-0926 CVE-2013-0925 CVE-2013-0924
                      CVE-2013-0923 CVE-2013-0922 CVE-2013-0921
                      CVE-2013-0920 CVE-2013-0919 CVE-2013-0918
                      CVE-2013-0917 CVE-2013-0916 
Member content until: Friday, April 26 2013

OVERVIEW

        A number of vulnerabilities have been identified in Google Chrome 
        prior to version 26.0.1410.43 for Windows, Mac, Linux, and Chrome 
        Frame. [1]


IMPACT

        The vendor has provided the following details regarding these 
        issues:
        
        "[$1000] [172342] High CVE-2013-0916: Use-after-free in Web Audio. 
        Credit to Atte Kettunen of OUSPG.
        [180909] Low CVE-2013-0917: Out-of-bounds read in URL loader. Credit 
        to Google Chrome Security Team (Cris Neckar).
        [180555] Low CVE-2013-0918: Do not navigate dev tools upon drag and 
        drop. Credit to Vsevolod Vlasov of the Chromium development community.
        [Linux only] [178760] Medium CVE-2013-0919: Use-after-free with pop-up 
        windows in extensions. Credit to Google Chrome Security Team (Mustafa 
        Emre Acer).
        [177410] Medium CVE-2013-0920: Use-after-free in extension bookmarks 
        API. Credit to Google Chrome Security Team (Mustafa Emre Acer).
        [174943] High CVE-2013-0921: Ensure isolated web sites run in their 
        own processes.
        [174129] Low CVE-2013-0922: Avoid HTTP basic auth brute force 
        attempts. Credit to t3553r.
        [169981] [169972] [169765] Medium CVE-2013-0923: Memory safety 
        issues in the USB Apps API. Credit to Google Chrome Security Team 
        (Mustafa Emre Acer).
        [169632] Low CVE-2013-0924: Check an extensions permissions API 
        usage again file permissions. Credit to Benjamin Kalman of the 
        Chromium development community.
        [168442] Low CVE-2013-0925: Avoid leaking URLs to extensions without 
        the tabs permissions. Credit to Michael Vrable of Google.
        [112325] Medium CVE-2013-0926: Avoid pasting active tags in certain 
        situations. Credit to Subho Halder, Aditya Gupta, and Dev Kar of 
        xys3c (xysec.com)." [1]


MITIGATION

        The vendor recommends updating to the latest version of Google Chrome 
        to correct these issues. [1]


REFERENCES

        [1] Stable Channel Update
            http://googlechromereleases.blogspot.com.au/2013/03/stable-channel-update_26.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBUVJZWO4yVqjM2NGpAQJghQ//Zp5O35B6/BqPHr+iIDxeJqlzZts+dIOn
spQGM0nR4rMewKELVJYcsziNGIa00F/yuwcp8/nE0aqv6Rv6jmN3BzrKeoyISXuL
hseAgfPzDERx5tH16PaariyzTgLIde2gL8JLM3xNiUm2rFbZCf+2r5NG7MO3YjZN
vkXDUIFBZtEeZ0rJf1qV5ATZ6/xwa8EldtfET8zNs7amk25Yhasvij96dvRlAYtP
ADCR8SLX6TGTwBmJwHqNenk1etoro89doCffwjFaCvIm7o2cKWI2PdO9LBXUB1CM
ocGcXMAtg4FJSX3JzPO4wIbnLz7Yy8DxRno9LKVWBK0iUSXljGIRSF5A7v9MykIu
YFnZV/kIMV6oMdx0LMq1xG5Mtfa8/eQohv2LC1qT83hGKT2+o0B7/Ug72Cl4YVvc
YVmp+LINmfHiUIfE0fwwPpYjMW1YgG8wKxxSPggTVV7oQKDS3l/Jb1ars1JaRB6v
XwoXkjsgnqSOm6w9WR1lMfsTYfgyv+VkXJWhF8a6dzn5xCklU7qZIJ7KauAFSFzp
tDiqQY1odRLVrS7ACRyCI+OANstWhwFcLahnqG5FScGP6/eHo5eaUjLsTcIZcigz
vwbdSfJz6UUxlDo+hqHkKKtygFFm/I1W+Fj3LJH3iNldVmJEKf4JKiMsFt9AW9aL
+DARetKy7GQ=
=adbO
-----END PGP SIGNATURE-----