SB2012032201 - Multiple vulnerabilities in Techland Chrome

Description

This security bulletin contains information about 8 secuirty vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2011-3059)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Google Chrome before 18.0.1025.142 does not properly handle SVG text elements, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

2) Out-of-bounds read (CVE-ID: CVE-2011-3060)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Google Chrome before 18.0.1025.142 does not properly handle text fragments, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

3) Improper Certificate Validation (CVE-ID: CVE-2011-3061)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Google Chrome before 18.0.1025.142 does not properly check X.509 certificates before use of a SPDY proxy, which might allow man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate.

4) Incorrect calculation (CVE-ID: CVE-2011-3062)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file.

5) Input validation error (CVE-ID: CVE-2011-3063)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Google Chrome before 18.0.1025.142 does not properly validate the renderer's navigation requests, which has unspecified impact and remote attack vectors.

6) Use-after-free (CVE-ID: CVE-2011-3064)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors related to SVG clipping. A remote attackers can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

7) Integer overflow (CVE-ID: CVE-2011-3065)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Skia, as used in Google Chrome before 18.0.1025.142, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

8) Buffer overflow (CVE-ID: CVE-2011-3052)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The WebGL implementation in Google Chrome before 17.0.963.83 does not properly handle CANVAS elements, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

Remediation

Install update from vendor's website.

References

• http://code.google.com/p/chromium/issues/detail?id=112317
• http://googlechromereleases.blogspot.com/2012/03/stable-channel-release-and-beta-channel.html
• http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html
• http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
• http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
• http://secunia.com/advisories/48618
• http://secunia.com/advisories/48691
• http://secunia.com/advisories/48763
• http://support.apple.com/kb/HT5400
• http://support.apple.com/kb/HT5485
• http://support.apple.com/kb/HT5503
• http://www.securityfocus.com/bid/52762
• http://www.securitytracker.com/id?1026877
• https://exchange.xforce.ibmcloud.com/vulnerabilities/74409
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15200
• http://code.google.com/p/chromium/issues/detail?id=114056
• https://exchange.xforce.ibmcloud.com/vulnerabilities/74410
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15364
• http://code.google.com/p/chromium/issues/detail?id=116398
• http://osvdb.org/80739
• https://exchange.xforce.ibmcloud.com/vulnerabilities/74411
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14849
• http://code.google.com/p/chromium/issues/detail?id=116524
• http://osvdb.org/80740
• http://secunia.com/advisories/48972
• http://secunia.com/advisories/49047
• http://secunia.com/advisories/49055
• http://www.mandriva.com/security/advisories?name=MDVSA-2012:066
• http://www.mandriva.com/security/advisories?name=MDVSA-2012:081
• http://www.mozilla.org/security/announce/2012/mfsa2012-31.html
• https://bugzilla.mozilla.org/show_bug.cgi?id=739925
• https://exchange.xforce.ibmcloud.com/vulnerabilities/74412
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15488
• http://code.google.com/p/chromium/issues/detail?id=117417
• https://exchange.xforce.ibmcloud.com/vulnerabilities/74413
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15226
• http://code.google.com/p/chromium/issues/detail?id=117471
• http://osvdb.org/80742
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14755
• http://code.google.com/p/chromium/issues/detail?id=117588
• http://osvdb.org/80743
• https://exchange.xforce.ibmcloud.com/vulnerabilities/74415
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15415
• http://code.google.com/p/chromium/issues/detail?id=116637
• http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html
• http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html
• http://osvdb.org/80290
• http://secunia.com/advisories/48512
• http://secunia.com/advisories/48527
• http://security.gentoo.org/glsa/glsa-201203-19.xml
• http://www.securityfocus.com/bid/52674
• http://www.securitytracker.com/id?1026841
• https://exchange.xforce.ibmcloud.com/vulnerabilities/74212
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14819