Google Chrome Multiple Vulnerabilities
Last Update Date:
2 Aug 2012 18:30
Release Date:
2 Aug 2012
4445
Views
RISK: High Risk
TYPE: Clients - Browsers
Multiple vulnerabilities have been identified in Google Chrome, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
- An error when handling renders can be exploited to bypass the cross-process policy and cause interference. This vulnerability affect the Linux platform only.
- The application does not properly re-prompt the user when downloading multiple files and can be exploited to trick the user into downloading a malicious file.
- An error when handling drag and drop events can be exploited to access certain restricted files.
- Multiple errors including integer overflow, use-after-free and out-of-bounds write error exist within the PDF viewer.
- A use-after-free error exists when handling object linkage in PDFs and CSS DOM objects.
- An error within the "webRequest" module can be exploited to cause interference with the Chrome Web Store.
- An error within the WebP decoder can be exploited to cause a buffer overflow.
- An unspecified error exists within tab handling. This vulnerability affect the Linux platform only.
- An out-of-bounds access error exists when clicking in date picker.
Impact
- Remote Code Execution
- Security Restriction Bypass
System / Technologies affected
- Google Chrome 20.x
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Upgrade to a fixed version.
http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html
Vulnerability Identifier
- CVE-2012-2846
- CVE-2012-2847
- CVE-2012-2848
- CVE-2012-2849
- CVE-2012-2850
- CVE-2012-2851
- CVE-2012-2852
- CVE-2012-2853
- CVE-2012-2854
- CVE-2012-2855
- CVE-2012-2856
- CVE-2012-2857
- CVE-2012-2858
- CVE-2012-2859
- CVE-2012-2860
Source
Related Link
Share with