SB2011062901 - Multiple vulnerabilities in Techland Chrome

Description

This security bulletin contains information about 7 secuirty vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2011-2345)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The NPAPI implementation in Google Chrome before 12.0.742.112 does not properly handle strings, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

2) Use-after-free (CVE-ID: CVE-2011-2346)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors involving SVG fonts. A remote attackers can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

3) Buffer overflow (CVE-ID: CVE-2011-2347)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Google Chrome before 12.0.742.112 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

4) Buffer overflow (CVE-ID: CVE-2011-2348)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Google V8, as used in Google Chrome before 12.0.742.112, performs an incorrect bounds check, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

5) Use-after-free (CVE-ID: CVE-2011-2349)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors related to text selection. A remote attackers can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

6) Input validation error (CVE-ID: CVE-2011-2350)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The HTML parser in Google Chrome before 12.0.742.112 does not properly address "lifetime and re-entrancy issues," which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7) Use-after-free (CVE-ID: CVE-2011-2351)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors involving SVG use elements. A remote attackers can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Remediation

Install update from vendor's website.

References

• http://code.google.com/p/chromium/issues/detail?id=77493
• http://googlechromereleases.blogspot.com/2011/06/stable-channel-update_28.html
• http://secunia.com/advisories/45097
• http://www.securitytracker.com/id?1025730
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14411
• http://code.google.com/p/chromium/issues/detail?id=84355
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14103
• http://code.google.com/p/chromium/issues/detail?id=85003
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14649
• http://code.google.com/p/chromium/issues/detail?id=85177
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14324
• http://code.google.com/p/chromium/issues/detail?id=85418
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14712
• http://code.google.com/p/chromium/issues/detail?id=85102
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14479
• http://code.google.com/p/chromium/issues/detail?id=85211
• http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html
• http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
• http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html
• http://support.apple.com/kb/HT4981
• http://support.apple.com/kb/HT4999
• http://support.apple.com/kb/HT5000
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14053