Google Chrome Multiple Vulnerabilities
Last Update Date:
9 Oct 2014 10:08
Release Date:
9 Oct 2014
4074
Views
RISK: High Risk
TYPE: Clients - Browsers
Multiple vulnerabilities have been identified in Google Chrome, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and compromise a vulnerable system.
- Some errors related to V8 and IPC can be exploited to execute arbitrary code outside the sandbox.
- An error in PDFium can be exploited to cause an out-of-bounds read access.
- A use-after-free error exists in Events, Rendering, DOM and Web Workers.
- A type confusion error exists in Session Management.
- An error within V8 and XSS Auditor can be exploited to disclose certain information.
- An error can be exploited to bypass permissions in sandbox.
- An error within V8 bindings can be exploited to cause a Release Assert.
Impact
- Remote Code Execution
- Security Restriction Bypass
- Information Disclosure
System / Technologies affected
- Versions prior to 38.0.2125.101
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Upgrade to version 38.0.2125.101.
Vulnerability Identifier
- CVE-2014-3188
- CVE-2014-3189
- CVE-2014-3190
- CVE-2014-3191
- CVE-2014-3192
- CVE-2014-3193
- CVE-2014-3194
- CVE-2014-3195
- CVE-2014-3196
- CVE-2014-3197
- CVE-2014-3198
- CVE-2014-3199
- CVE-2014-3200
Source
Related Link
Share with