Google Chrome: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2014.0099
     A number of vulnerabilities have been identified in Google Chrome
                              27 August 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Google Chrome
Operating System:     Windows
                      OS X
                      Linux variants
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
                      Provide Misleading Information  -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2014-3177 CVE-2014-3176 CVE-2014-3175
                      CVE-2014-3174 CVE-2014-3173 CVE-2014-3172
                      CVE-2014-3171 CVE-2014-3170 CVE-2014-3169
                      CVE-2014-3168  
Member content until: Friday, September 26 2014

OVERVIEW

        A number of vulnerabilities have been identified in Google Chrome
        prior to version 37.0.2062.94. [1]


IMPACT

        The vendor has provided the following details regarding these 
        vulnerabilities:
        
        "Security Fixes and Rewards
        
        Note: Access to bug details and links may be kept restricted until a
        majority of users are updated with a fix. We will also retain 
        restrictions if the bug exists in a third party library that other 
        projects similarly depend on, but haven’t yet fixed.
        
        This update includes 50 security fixes. Below, we highlight fixes 
        that were either contributed by external researchers or particularly
        interesting. Please see the Chromium security page for more 
        information.
        
        [$30000][386988] Critical CVE-2014-3176, CVE-2014-3177: A special 
        reward to lokihardt@asrt for a combination of bugs in V8, IPC, sync,
        and extensions that can lead to remote code execution outside of the
        sandbox.
        
        [$2000][369860] High CVE-2014-3168: Use-after-free in SVG. Credit to
        cloudfuzzer.
        
        [$2000][387389] High CVE-2014-3169: Use-after-free in DOM. Credit to
        Andrzej Dyjak.
        
        [$1000][390624] High CVE-2014-3170: Extension permission dialog 
        spoofing. Credit to Rob Wu.
        
        [$4000][390928] High CVE-2014-3171: Use-after-free in bindings. 
        Credit to cloudfuzzer.
        
        [$1500][367567] Medium CVE-2014-3172: Issue related to extension 
        debugging. Credit to Eli Grey.
        
        [$2000][376951] Medium CVE-2014-3173: Uninitialized memory read in 
        WebGL. Credit to jmuizelaar.
        
        [$500][389219] Medium CVE-2014-3174: Uninitialized memory read in 
        Web Audio. Credit to Atte Kettunen from OUSPG.
        
        We would also like to thank Collin Payne, Christoph Diehl, Sebastian
        Mauer, Atte Kettunen, and cloudfuzzer for working with us during the
        development cycle to prevent security bugs from ever reaching the 
        stable channel. $8000 in additional rewards were issued.
        
        As usual, our ongoing internal security work responsible for a wide
        range of fixes:
        
        [406143] CVE-2014-3175: Various fixes from internal audits, fuzzing
        and other initiatives (Chrome 37)." [1]


MITIGATION

        The vendor recommends updating to the latest version of Google
        Chrome to correct these issues. [1]


REFERENCES

        [1] Stable Channel Update
            http://googlechromereleases.blogspot.com.au/2014/08/stable-channel-update_26.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBU/1nfhLndAQH1ShLAQK0xg//YZ/xP0i7SYlpgWx4jCxAkWmd3ZcIGhdy
RRa9dUY2N//wi2O9m804Wu5w8HndDMSyhrm5EYYEtT7+oLPrCUv/7Cx+sUnB5GFR
hK4jk2Kwc1cBVQNy/WyX715GSckyV1tIQCOXK53q3SMTdx0mxo657lLkCdMzy8r/
dyzhBIOTu9Fi6VJmXZnyYwR5jxfBFGHMhzl1e9pnCmMi9WinIAH4CNzWNW1qcum+
3yII8V+JjRRkuVkgGMIlxQ67PXYQe3v785S4+OJEUBK0FvAgcQqtCQB/P6EKBwWw
hOCB9rqkil83Gj+8KVRg6xFnJ9O2AAbDb9pr+KDgpfxQceV0hWEFJb9V3fS0E+aM
qXyNv6whEIv2YUatEKnLxd9IMXIrYHPOTIcf0Y5I3hlVKNvKF3X2ugdY1JcpzoWU
JxpuGEnV1bGNekzQPbgIulxsFE2iNR6TiHOO/5k476n5VMYqMoBRTqJOOM3He7BZ
ri2/6jRjXeQ/wdQD4US/hsMtRmmoOrokz9Q5h9wGVZt1bS0/ejuIQtLgFjMjfL2S
g1FKtLKWdRGqWSg1bMXGoanQ710vYAcdXhRG0m0ihtYaa8C3PjfbqvA6YJumz7L+
s8T2gyAWNQEttn6bbn7gkzkBLUm3vXkap+rAGOCiyGUoWyMj7HEvhJsHSuiPSIWE
Y9H24SFsY78=
=+S86
-----END PGP SIGNATURE-----