SB2011082903 - Multiple vulnerabilities in Techland Chrome

Description

This security bulletin contains information about 8 secuirty vulnerabilities.

1) Double Free (CVE-ID: CVE-2011-2821)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.

2) Use-after-free (CVE-ID: CVE-2011-2823)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors involving a line box. A remote attackers can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

3) Use-after-free (CVE-ID: CVE-2011-2824)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors involving counter nodes. A remote attackers can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

4) Use-after-free (CVE-ID: CVE-2011-2825)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors involving custom fonts. A remote attackers can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

5) Input validation error (CVE-ID: CVE-2011-2826)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Google Chrome before 13.0.782.215 allows remote attackers to bypass the Same Origin Policy via vectors related to empty origins.

6) Use-after-free (CVE-ID: CVE-2011-2827)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors related to text searching. A remote attackers can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

7) Out-of-bounds write (CVE-ID: CVE-2011-2828)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Google V8, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.

8) Integer overflow (CVE-ID: CVE-2011-2829)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Integer overflow in Google Chrome before 13.0.782.215 on 32-bit platforms allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving uniform arrays.

Remediation

Install update from vendor's website.

References

• http://code.google.com/p/chromium/issues/detail?id=89402
• http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html
• http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
• http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
• http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
• http://rhn.redhat.com/errata/RHSA-2013-0217.html
• http://support.apple.com/kb/HT5281
• http://support.apple.com/kb/HT5503
• http://www.debian.org/security/2012/dsa-2394
• http://www.mandriva.com/security/advisories?name=MDVSA-2011:145
• http://www.redhat.com/support/errata/RHSA-2011-1749.html
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13840
• http://code.google.com/p/chromium/issues/detail?id=82552
• http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html
• http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
• http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html
• http://support.apple.com/kb/HT4981
• http://support.apple.com/kb/HT4999
• http://support.apple.com/kb/HT5000
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13789
• http://code.google.com/p/chromium/issues/detail?id=88216
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14585
• http://code.google.com/p/chromium/issues/detail?id=88670
• http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html
• http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html
• http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
• http://secunia.com/advisories/48274
• http://secunia.com/advisories/48288
• http://secunia.com/advisories/48377
• http://www.securitytracker.com/id?1026774
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14421
• http://code.google.com/p/chromium/issues/detail?id=89453
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14383
• http://code.google.com/p/chromium/issues/detail?id=90668
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14134
• http://code.google.com/p/chromium/issues/detail?id=91517
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14265
• http://code.google.com/p/chromium/issues/detail?id=91598
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14516