Google Chrome Code Execution and Security Bypass Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 12 Feb 2010 5165 Views

RISK: Medium Risk

Medium Risk

Multiple vulnerabilities have been identified in Google Chrome, which could be exploited by remote attackers to bypass restrictions, disclose sensitive information or compromise a vulnerable system.

1. Due to an unspecified DNS and fall-back behavior of proxies, which could disclose sensitive information.

2. Due to an integer overflow errors in the v8 engine, which could be exploited to execute arbitrary code.

3. Due to an error related to the processing of "ruby" tags, which could be exploited to execute arbitrary code.

4. Due to an error related to "iframe" data, which could leak redirection targets.

5. Due an error when displaying HTTP authentication dialogs, which could allow phishing attacks.

6. Due to an integer overflow when deserializing sandbox messages, which could allow code execution.

Impact

  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • Google Chrome versions prior to 4.0.249.89

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Upgrade to Google Chrome version 4.0.249.89 :
http://www.google.com/chrome

Vulnerability Identifier

  • No CVE information is available

Source

Related Link

Share with

Previous

HP OpenView Network Node Manager Java JDK / JRE Multiple Vulnerabilities

11 Feb 2010 5226 Views

Next

Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability

18 Feb 2010 5164 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY