Skip to main content

Google Chrome Memory Corruption and Security Bypass Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 27 Jan 2010 5423 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in Google Chrome, which could be exploited by remote attackers to bypass restrictions, gain knowledge of sensitive information, cause a denial of service or potentially compromise a vulnerable system.

1. Due to an unspecified error which could allow web sites to bypass the pop-up blocker feature.

2. Due to a CSS design error, which could allow cross-domain scripting attacks.

3. Due to a memory corruption error related to the pop-up block menu, which could potentially be exploited to execute arbitrary code.

4. Due to the browser not preventing XMLHttpRequests to directories.

5. Due to an unspecified error related to characters in shortcuts.

6. Due to an unspecified memory corruption error related to drawing on canvases, which could potentially be exploited to execute arbitrary code.

7. Due to an unspecified memory corruption error related to image decoding, which could potentially be exploited to execute arbitrary code.

8. Due to an unspecified error related to strip Referer.

9. Due to an unspecified cross-domain access error.

10. Due to an unspecified error related to bitmap deserialization.

11. Due to an unspecified error when handling nested URLs, which could cause a vulnerable browser to crash.


Impact

  • Denial of Service
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • Google Chrome versions prior to 4.0.249.78

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Upgrade to Google Chrome version 4.0.249.78 :
http://www.google.com/chrome


Vulnerability Identifier

  • No CVE information is available

Source


Related Link