Skip to main content

Google Chrome Multiple Vulnerabilities

Last Update Date: 20 Sep 2011 11:48 Release Date: 20 Sep 2011 6250 Views

RISK: High Risk

TYPE: Clients - Browsers

TYPE: Browsers

Multiple vulnerabilities have been identified in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to conduct spoofing and cross-site scripting attacks, disclose sensitive information, bypass certain security restrictions, and compromise a user's system.

  1. A race condition exists within the certificate cache.
  2. An error within the Windows Media Player plugin can lead to unintended access to system Flash.
  3. An error exists within the v8 script object wrappers.
  4. An unspecified error can be exploited to display arbitrary content while showing the URL of a trusted web site in the address bar.
  5. An error exists within the garbage collection component of the PDF plugin.
  6. The security issue is caused due to the Mac installer creating lock files in an insecure manner. NOTE: This only affects the Mac version.
  7. An error within media buffers, box handling, the handling of Khmer and Tibetan characters, video handling and triangle arrays handling can be exploited to cause an out-of-bounds read.
  8. A use-after-free error exists within unload event handling, the document loader, the plug-in handler, ruby and table style handing, the focus controller and table style handling.
  9. An unspecified error when handling the forward button can be exploited to display arbitrary content while showing the URL of a trusted web site in the address bar.
  10. An off-by-one error exists within v8.
  11. An error within stylesheet handling can lead to a stale node.
  12. An unspecified error within v8 can be exploited to violate the cross-origin policy.
  13. A double free error exists within the handling of libxml XPath.
  14. An unspecified error can lead to incorrect permissions being assigned to non-gallery pages.
  15. An error within the PDF component can lead to a bad string read.
  16. An unspecified error can lead to unintended access of v8 built-in objects.
  17. A type confusion error exists within v8 object sealing.