-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2014.0138
      Stable Google Chrome update addresses multiple vulnerabilities
                             27 November 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Google Chrome
Operating System:     Windows
                      OS X
                      Linux variants
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2014-8439  
Member content until: Saturday, December 27 2014
Reference:            ESB-2014.2222

OVERVIEW

        Google has released Chrome 39.0.2171.71 which includes an update for 
        Adobe Flash and Adobe AIR as well as other fixes. [1]


IMPACT

        Google references the Adobe Security bulletin, which provides the
        following details regarding the vulnerabilities:
        
        "These updates provide additional hardening against CVE-2014-8439, 
        which was mitigated in the October 14, 2014 release". [2]


MITIGATION

        The vendor recommends updating to the latest version of Google Chrome
        to correct these issues. [1]


REFERENCES

        [1] Stable Channel Update
            http://googlechromereleases.blogspot.com.au/2014/11/stable-channel-update_25.html

        [2] Adobe Security Bulletin
            http://helpx.adobe.com/security/products/flash-player/apsb14-26.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBVHZ4bhLndAQH1ShLAQL3SA/+PjeF4PaffdWHCGIcMbex7gVl2+jR23om
04YEl9QzQ1KqSloS/KEv1w6KmjsCGxj3sS+EL+TZnJu6IpVp5s2rFG7WT75kE43l
/rPLHJAWWGVy66qpv7ao66yTJ9y36OKUWQYVGf3KibIB6heb0hqTHo1r6+7rx2rh
gb1O50TMDFU/gsm8edFuBDCLUrE2q21EIgevP6sKXHAUAji7zX/KSzK9dxvrt5fT
Kph96EIi+mR2Bh7jFUGYrEkEsaRp0PmJrvV6u8ioPKwkKfzYBtKf4faCpqNHna6X
b6FHMXlW8IbaefB/h4gjKiQfXL2lqvVZL83JCfvbLlAjl6dYj4t8lH+auCoO/Cex
zDh0MAIltIJuMHASr2U87+wv8477CuYnA1DYcmt+XY3Hx2zhBWSP7+NMJo6IrbZ2
/DB6BeZVh42ea7/H8JVc4qDN+RIgCy3raSyaa5yGNEqHQyo4eF6+sRDSAwczfR18
6gdixYiOd3vx+S0hwgoiezx2PwQVAOExt1hICpiL90gOfYw7uupl8/wzYFbPbHMB
5WczcMCFiqFvhYkUbBh133YroAx5e6tST/tJnERwEA09pipC2j5zuguzCpUxKdAm
ZU7SU/qrsGYkV9fG1NmsnfT9tgbcEo2ocuvHxApLYxu1cLIKImV/d4WNlKT0Azjq
IaGovoh+CJE=
=zASD
-----END PGP SIGNATURE-----