Google Chrome Multiple Vulnerabilities
Last Update Date:
15 Nov 2011 12:22
Release Date:
15 Nov 2011
5679
Views
RISK: High Risk
TYPE: Clients - Browsers
Multiple vulnerabilities have been identified in Google Chrome, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
The application bundles a vulnerable version of the Adobe Flash player.
For details, please refer to HKCERT security bulletin.- A double free error exists in the Theora decoder.
- Some errors in the MKV and Vorbis media handlers can be exploited to perform an out of bounds read.
- An error due to a regression within the VP8 decoding functionality can be exploited to corrupt memory.
- An error in the Vorbis decoder can be exploited to cause a heap-based buffer overflow.
- An error in the shader variable mapping can be exploited to cause a buffer overflow.
- A use-after-free error exists within certain editing functionality.
- The application fails to ask for permission when running some JRE7 applets.
Impact
- Remote Code Execution
- Security Restriction Bypass
System / Technologies affected
- Google Chrome 15.x
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Update to version 15.0.874.120.
Vulnerability Identifier
- CVE-2011-2445
- CVE-2011-2450
- CVE-2011-2451
- CVE-2011-2452
- CVE-2011-2453
- CVE-2011-2454
- CVE-2011-2455
- CVE-2011-2456
- CVE-2011-2457
- CVE-2011-2458
- CVE-2011-2459
- CVE-2011-2460
- CVE-2011-3892
- CVE-2011-3893
- CVE-2011-3894
- CVE-2011-3895
- CVE-2011-3896
- CVE-2011-3897
- CVE-2011-3898
Source
Related Link
Share with