===========================================================================
AUSCERT Security Bulletin

ASB-2012.0132
A number of vulnerabilities have been identified in Google Chrome
27 September 2012

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Google Chrome
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Denial of Service               -- Remote with User Interaction
                   Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Cross-site Scripting            -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2012-2897 CVE-2012-2896 CVE-2012-2895
                   CVE-2012-2894 CVE-2012-2893 CVE-2012-2892
                   CVE-2012-2891 CVE-2012-2890 CVE-2012-2889
                   CVE-2012-2888 CVE-2012-2887 CVE-2012-2886
                   CVE-2012-2885 CVE-2012-2884 CVE-2012-2883
                   CVE-2012-2882 CVE-2012-2881 CVE-2012-2880
                   CVE-2012-2879 CVE-2012-2878 CVE-2012-2877
                   CVE-2012-2876 CVE-2012-2875 CVE-2012-2874
Member content until: Saturday, October 27 2012

OVERVIEW

        A number of vulnerabilities have been identified in Google Chrome
        prior to version 22.0.1229.79.

IMPACT

        The vendor has provided the following details regarding these
        vulnerabilities:

        "[$5000] [146254] Critical CVE-2012-2897: Windows kernel memory
        corruption.

        [$10000] [143439] High CVE-2012-2889: UXSS in frame handling.
        Credit to Sergey Glazunov.

        [$5000] [143437] High CVE-2012-2886: UXSS in v8 bindings. Credit to
        Sergey Glazunov.

        [$2000] [139814] High CVE-2012-2881: DOM tree corruption with
        plug-ins. Credit to Chamal de Silva.

        [$1000] [135432] High CVE-2012-2876: Buffer overflow in SSE2
        optimizations. Credit to Atte Kettunen of OUSPG.

        [$1000] [140803] High CVE-2012-2883: Out-of-bounds write in Skia.
        Credit to Atte Kettunen of OUSPG.

        [$1000] [143609] High CVE-2012-2887: Use-after-free in onclick
        handling. Credit to Atte Kettunen of OUSPG.

        [$1000] [143656] High CVE-2012-2888: Use-after-free in SVG text
        references. Credit to miaubiz.

        [$1000] [144899] High CVE-2012-2894: Crash in graphics context
        handling. Credit to Sławomir Błażek.

        [Mac only] [$1000] [145544] High CVE-2012-2896: Integer overflow in
        WebGL. Credit to miaubiz.

        [$500] [137707] Medium CVE-2012-2877: Browser crash with extensions
        and modal dialogs. Credit to Nir Moshe.

        [$500] [139168] Low CVE-2012-2879: DOM topology corruption. Credit
        to pawlkt.

        [$500] [141651] Medium CVE-2012-2884: Out-of-bounds read in Skia.
        Credit to Atte Kettunen of OUSPG.

        [132398] High CVE-2012-2874: Out-of-bounds write in Skia. Credit to
        Google Chrome Security Team (Inferno).

        [134955] [135488] [137106] [137288] [137302] [137547] [137556]
        [137606] [137635] [137880] [137928] [144579] [145079] [145121]
        [145163] [146462] Medium CVE-2012-2875: Various lower severity
        issues in the PDF viewer. Credit to Mateusz Jurczyk of Google
        Security Team, with contributions by Gynvael Coldwind of Google
        Security Team.

        [137852] High CVE-2012-2878: Use-after-free in plug-in handling.
        Credit to Fermin Serna of Google Security Team.

        [139462] Medium CVE-2012-2880: Race condition in plug-in paint
        buffer. Credit to Google Chrome Security Team (Cris Neckar).

        [140647] High CVE-2012-2882: Wild pointer in OGG container
        handling. Credit to Google Chrome Security Team (Inferno).

        [142310] Medium CVE-2012-2885: Possible double free on exit. Credit
        to the Chromium development community.

        [143798] [144072] [147402] High CVE-2012-2890: Use-after-free in
        PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with
        contributions by Gynvael Coldwind of Google Security Team.

        [144051] Low CVE-2012-2891: Address leak over IPC. Credit to Lei
        Zhang of the Chromium development community.

        [144704] Low CVE-2012-2892: Pop-up block bypass. Credit to Google
        Chrome Security Team (Cris Neckar).

        [144799] High CVE-2012-2893: Double free in XSL transforms. Credit
        to Google Chrome Security Team (Cris Neckar).

        [145029] [145157] [146460] High CVE-2012-2895: Out-of-bounds writes
        in PDF viewer. Credit to Mateusz Jurczyk of Google Security Team,
        with contributions by Gynvael Coldwind of Google Security Team." [1]

MITIGATION

        The vendor recommends updating Chrome to the latest version to
        correct these issues.

REFERENCES

        [1] Stable Channel Update
            http://googlechromereleases.blogspot.dk/2012/09/stable-channel-update_25.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================