Skip to main content

Google Chrome Multiple Vulnerabilities

Last Update Date: 27 Sep 2012 16:28 Release Date: 27 Sep 2012 5033 Views

RISK: High Risk

TYPE: Clients - Browsers

TYPE: Browsers

Multiple vulnerabilities have been identified in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system.

  1. Certain unspecified input related to frame handling and within v8 bindings is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
  2. An error exists within plugin handling and can be exploited to cause DOM tree corruption.
  3. An error due to SSE2 optimizations can be exploited to cause a buffer overflow.
  4. Some errors within Skia and the PDF viewer, and can be exploited to cause an out-of-bounds write.
  5. A use-after-free error exists within onclick handling, the plug-in handling and the PDF viewer, and related to SVG text references.
  6. An integer overflow error exists related to WebGL handling.
  7. An unspecified error can be exploited to cause DOM topology corruption.
  8. Some weaknesses exist in the PDF viewer.
  9. A race condition exists when handling plug-in paint buffers.
  10. An error when handling OGG containers can be exploited to reference an invalid pointer.
  11. A double-free error exists on exit and within XSL transforms.
  12. An unspecified error exists and can be exploited to bypass the pop-up block.

 


Impact

  • Cross-Site Scripting
  • Remote Code Execution
  • Security Restriction Bypass

System / Technologies affected

  • Google Chrome 21.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Upgrade to version 22.0.1229.79.

Vulnerability Identifier


Source


Related Link