Skip to main content

Google Chrome Code Execution and Security Bypass Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 12 Feb 2010 5335 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in Google Chrome, which could be exploited by remote attackers to bypass restrictions, disclose sensitive information or compromise a vulnerable system.

1. Due to an unspecified DNS and fall-back behavior of proxies, which could disclose sensitive information.

2. Due to an integer overflow errors in the v8 engine, which could be exploited to execute arbitrary code.

3. Due to an error related to the processing of "ruby" tags, which could be exploited to execute arbitrary code.

4. Due to an error related to "iframe" data, which could leak redirection targets.

5. Due an error when displaying HTTP authentication dialogs, which could allow phishing attacks.

6. Due to an integer overflow when deserializing sandbox messages, which could allow code execution.


Impact

  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • Google Chrome versions prior to 4.0.249.89

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Upgrade to Google Chrome version 4.0.249.89 :
http://www.google.com/chrome


Vulnerability Identifier

  • No CVE information is available

Source


Related Link