===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2012.0079
     A number of vulnerabilities have been identified in Google Chrome
                                25 May 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Google Chrome
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
                      Reduced Security                -- Unknown/Unspecified
Resolution:           Patch/Upgrade
CVE Names:            CVE-2011-3115 CVE-2011-3114 CVE-2011-3113
                      CVE-2011-3112 CVE-2011-3111 CVE-2011-3110
                      CVE-2011-3109 CVE-2011-3108 CVE-2011-3107
                      CVE-2011-3106 CVE-2011-3105 CVE-2011-3104
                      CVE-2011-3103
Member content until: Sunday, June 24 2012

OVERVIEW

        A number of vulnerabilities have been identified in Google Chrome
        prior to 19.0.1084.52.[1]


IMPACT

        Google has provided the following information:

        "[117409] High CVE-2011-3103: Crashes in v8 garbage collection.
        Credit to the Chromium development community (Brett Wilson).

        [118018] Medium CVE-2011-3104: Out-of-bounds read in Skia. Credit
        to Google Chrome Security Team (Inferno).

        [$1000] [120912] High CVE-2011-3105: Use-after-free in first-letter
        handling. Credit to miaubiz.

        [122654] Critical CVE-2011-3106: Browser memory corruption with
        websockets over SSL. Credit to the Chromium development community
        (Dharani Govindan).

        [124625] High CVE-2011-3107: Crashes in the plug-in JavaScript
        bindings. Credit to the Chromium development community (Dharani
        Govindan).

        [$1337] [125159] Critical CVE-2011-3108: Use-after-free in browser
        cache. Credit to efbiaiinzinz.

        [Linux only] [$1000] [126296] High CVE-2011-3109: Bad cast in GTK
        UI. Credit to Micha Bartholom.

        [126337] [126343] [126378] [127349] [127819] [127868] High
        CVE-2011-3110: Out of bounds writes in PDF. Credit to Mateusz
        Jurczyk of the Google Security Team, with contributions by Gynvael
        Coldwind of the Google Security Team.

        [$500] [126414] Medium CVE-2011-3111: Invalid read in v8. Credit to
        Christian Holler.

        [127331] High CVE-2011-3112: Use-after-free with invalid encrypted
        PDF. Credit to Mateusz Jurczyk of the Google Security Team, with
        contributions by Gynvael Coldwind of the Google Security Team.

        [127883] High CVE-2011-3113: Invalid cast with colorspace handling
        in PDF. Credit to Mateusz Jurczyk of the Google Security Team, with
        contributions by Gynvael Coldwind of the Google Security Team.

        [128014] High CVE-2011-3114: Buffer overflows with PDF functions.
        Credit to Google Chrome Security Team (scarybeasts).

        [$1000] [128018] High CVE-2011-3115: Type corruption in v8. Credit
        to Christian Holler." [1]


MITIGATION

        Users should upgrade to the latest version of Google Chrome. [1]


REFERENCES

        [1] Stable Channel Update
            http://googlechromereleases.blogspot.com.au/2012/05/stable-channel-update_23.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================