Hash: SHA1

                         AUSCERT Security Bulletin

     A number of vulnerabilities have been identified in Google Chrome
                                16 May 2012


        AusCERT Security Bulletin Summary

Product:              Google Chrome
Operating System:     UNIX variants (UNIX, Linux, OSX)
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
                      Provide Misleading Information  -- Remote with User Interaction
                      Unauthorised Access             -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2011-3102 CVE-2011-3101 CVE-2011-3100
                      CVE-2011-3099 CVE-2011-3098 CVE-2011-3097
                      CVE-2011-3096 CVE-2011-3095 CVE-2011-3094
                      CVE-2011-3093 CVE-2011-3092 CVE-2011-3091
                      CVE-2011-3090 CVE-2011-3089 CVE-2011-3088
                      CVE-2011-3087 CVE-2011-3086 CVE-2011-3085
                      CVE-2011-3084 CVE-2011-3083 
Member content until: Friday, June 15 2012


        A number of vulnerabilities have been identified in Google Chrome prior
        to Chrome 19. [1]


        Google has provided the following information:
        "[112983] Low CVE-2011-3083: Browser crash with video + FTP. Credit to
        Aki Helin of OUSPG.
        [113496] Low CVE-2011-3084: Load links from internal pages in their own
        process. Credit to Brett Wilson of the Chromium development community.
        [118374] Medium CVE-2011-3085: UI corruption with long autofilled
        values. Credit to psaldorn.
        [$1000] [118642] High CVE-2011-3086: Use-after-free with style element.
        Credit to Arthur Gerkis.
        [118664] Low CVE-2011-3087: Incorrect window navigation. Credit to
        Charlie Reis of the Chromium development community.
        [$500] [120648] Medium CVE-2011-3088: Out-of-bounds read in hairline
        drawing. Credit to Aki Helin of OUSPG.
        [$1000] [120711] High CVE-2011-3089: Use-after-free in table handling.
        Credit to miaubiz.
        [$500] [121223] Medium CVE-2011-3090: Race condition with workers.
        Credit to Arthur Gerkis.
        [121734] High CVE-2011-3091: Use-after-free with indexed DB. Credit to
        Google Chrome Security Team (Inferno).
        [$1000] [122337] High CVE-2011-3092: Invalid write in v8 regex. Credit
        to Christian Holler.
        [$500] [122585] Medium CVE-2011-3093: Out-of-bounds read in glyph
        handling. Credit to miaubiz.
        [122586] Medium CVE-2011-3094: Out-of-bounds read in Tibetan handling.
        Credit to miaubiz.
        [$1000] [123481] High CVE-2011-3095: Out-of-bounds write in OGG
        container. Credit to Hannu Heikkinen.
        [Linux only] [123530] Low CVE-2011-3096: Use-after-free in GTK omnibox
        handling. Credit to Arthur Gerkis.
        [123733] [124182] High CVE-2011-3097: Out-of-bounds write in sampled
        functions with PDF. Credit to Kostya Serebryany of Google and Evgeniy
        Stepanov of Google.
        [Windows only] [124216] Low CVE-2011-3098: Bad search path for Windows
        Media Player plug-in. Credit to Haifei Li of Microsoft and MSVR
        [124479] High CVE-2011-3099: Use-after-free in PDF with corrupt font
        encoding name. Credit to Mateusz Jurczyk of Google Security Team and
        Gynvael Coldwind of Google Security Team.
        [124652] Medium CVE-2011-3100: Out-of-bounds read drawing dash paths.
        Credit to Google Chrome Security Team (Inferno).
        [Linux only] [$500] [118970] Medium CVE-2011-3101: Work around Linux
        Nvidia driver bug. Credit to Aki Helin of OUSPG.
        [$1500] [125462] High CVE-2011-3102: Off-by-one out-of-bounds write in
        libxml. Credit to Jri Aedla." [1]


        Users should upgrade to Chrome 19. [1]


        [1] Stable Channel Update

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
Comment: http://www.auscert.org.au/render.html?it=1967