Skip to main content

Google Chrome Multiple Vulnerabilities

Last Update Date: 27 Oct 2011 16:48 Release Date: 27 Oct 2011 5519 Views

RISK: High Risk

TYPE: Clients - Browsers

TYPE: Browsers

Multiple vulnerabilities have been identified in Google Chrome, which can be exploited by malicious people to bypass certain security restrictions, conduct spoofing attacks, conduct cross-site scripting attacks, and potentially compromise a user's system.

  1. An error within the history handling can be exploited to spoof the URL bar and display attacker controlled content while the browser presents the certificate of a trusted site.
  2. An error can be exploited to spoof the URL bar by e.g. tricking the user into performing a drag and drop operation on specially crafted content.
  3. An error is caused due to the application stripping whitespaces at the end of download filenames.
  4. Certain input passed to the appcache internals page is not properly sanitised before being displayed. This can be exploited to execute arbitrary HTML and script code in context of the appcache internals page.
  5. A race condition exists within the initialisation of worker processes.
  6. Various unspecified errors can be exploited to redirect to chrome scheme URIs, violate the cross-origin policy, and steal cookies.
  7. An unspecified error exists within the HTTP header delimiter handling.
  8. A use-after-free error exists within the media buffer handling, the counter handling, the video source handling, and plug-ins and editing.
  9. Various timing issues exist within the DOM traversal.
  10. Various issues related to stale styles can lead to use-after-free errors.
  11. Unspecified errors within v8 can be exploited to cause out-of-bounds writes.
  12. An error related to Web Audio can be exploited to cause a heap overflow.
  13. Internal v8 functions are exposed.

Impact

  • Cross-Site Scripting
  • Remote Code Execution
  • Security Restriction Bypass
  • Spoofing

System / Technologies affected

  • Google Chrome 14.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Upgrade to version 15.0.874.102.

Vulnerability Identifier


Source


Related Link