Skip to main content

Google Chrome Multiple Vulnerabilities

Last Update Date: 4 Aug 2011 09:57 Release Date: 4 Aug 2011 6870 Views

RISK: High Risk

TYPE: Clients - Browsers

TYPE: Browsers

Multiple vulnerabilities have been identified in Google Chrome, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, and compromise a user's system.

  1. An unspecified error exists when confirming an extension install via a browser dialog.
  2. An unspecified error can be exploited to disclose the local file path via GL program log, cause an out-of-bounds write and read, and lead to a cross-frame function leak, internal schemes being web accessible, client-side redirect target being leaked, a crash when handling nested functions within a PDF file, cross-origin script injection and cross-origin violation in base URI handling.
  3. An error in rendering due to bad line box tracking can lead to a stale pointer.
  4. The application does not prompt when downloading dangerous files.
  5. An error exists within file permissions when handling drag and drop events.
  6. An error when installing a developer mode NPAPI extension does not confirm the install via a browser dialog.
  7. An input sanitisation error exists when handling homepage URL in extensions.
  8. The application does not verify that the speech input bubble is on-screen.
  9. An error due to re-entrancy issue in GPU lock can be exploited to cause a crash.
  10. An error within inspector serialization can be exploited to cause a buffer overflow.
  11. A use-after-free error exists within Pepper plug-in instantiation, float removal, media selectors, Skia, resource caching, HTML range handling, the frame loader, display box rendering, and when handling floating styles.
  12. An error exists with v8 when handling const lookups.