SB2012062703 - Multiple vulnerabilities in Techland Chrome

Description

This security bulletin contains information about 17 secuirty vulnerabilities.

1) Input validation error (CVE-ID: CVE-2012-2822)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The PDF functionality in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

2) Use-after-free (CVE-ID: CVE-2012-2823)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors related to SVG resources. A remote attackers can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

3) Input validation error (CVE-ID: CVE-2012-2825)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors.

4) Input validation error (CVE-ID: CVE-2012-2826)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Google Chrome before 20.0.1132.43 does not properly implement texture conversion, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5) Input validation error (CVE-ID: CVE-2012-2828)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple integer overflows in the PDF functionality in Google Chrome before 20.0.1132.43 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.

6) Use-after-free (CVE-ID: CVE-2012-2829)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors related to the :first-letter pseudo-element. A remote attackers can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

7) Input validation error (CVE-ID: CVE-2012-2830)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Google Chrome before 20.0.1132.43 does not properly set array values, which allows remote attackers to cause a denial of service (incorrect pointer use) or possibly have unspecified other impact via unknown vectors.

8) Use-after-free (CVE-ID: CVE-2012-2831)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors related to SVG references. A remote attackers can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

9) Input validation error (CVE-ID: CVE-2012-2832)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The image-codec implementation in the PDF functionality in Google Chrome before 20.0.1132.43 does not initialize an unspecified pointer, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.

10) Buffer overflow (CVE-ID: CVE-2012-2833)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Buffer overflow in the JS API in the PDF functionality in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

11) Input validation error (CVE-ID: CVE-2012-2834)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Integer overflow in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted data in the Matroska container format.

12) Information disclosure (CVE-ID: CVE-2012-2815)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Google Chrome before 20.0.1132.43 allows remote attackers to obtain potentially sensitive information from a fragment identifier by leveraging access to an IFRAME element associated with a different domain.

13) Use-after-free (CVE-ID: CVE-2012-2817)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors related to tables that have sections. A remote attackers can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

14) Use-after-free (CVE-ID: CVE-2012-2818)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors related to the layout of documents that use the Cascading Style Sheets (CSS) counters feature. A remote attackers can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

15) Input validation error (CVE-ID: CVE-2012-2819)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The texSubImage2D implementation in the WebGL subsystem in Google Chrome before 20.0.1132.43 does not properly handle uploads to floating-point textures, which allows remote attackers to cause a denial of service (assertion failure and application crash) or possibly have unspecified other impact via a crafted web page, as demonstrated by certain WebGL performance tests, aka rdar problem 11520387.

16) Input validation error (CVE-ID: CVE-2012-2820)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Google Chrome before 20.0.1132.43 does not properly implement SVG filters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

17) Input validation error (CVE-ID: CVE-2012-2821)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The autofill implementation in Google Chrome before 20.0.1132.43 does not properly display text, which has unspecified impact and remote attack vectors.

Remediation

Install update from vendor's website.

References

• http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15166
• http://code.google.com/p/chromium/issues/detail?id=124356
• https://hermes.opensuse.org/messages/15075728
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15204
• http://code.google.com/p/chromium/issues/detail?id=127417
• http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html
• http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
• http://secunia.com/advisories/54886
• http://support.apple.com/kb/HT5934
• http://support.apple.com/kb/HT6001
• https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html
• https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html
• http://code.google.com/p/chromium/issues/detail?id=128688
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15511
• http://code.google.com/p/chromium/issues/detail?id=129857
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15287
• http://code.google.com/p/chromium/issues/detail?id=129947
• http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
• http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
• http://support.apple.com/kb/HT5485
• http://support.apple.com/kb/HT5502
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15144
• http://code.google.com/p/chromium/issues/detail?id=129951
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15483
• http://code.google.com/p/chromium/issues/detail?id=130356
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14708
• http://code.google.com/p/chromium/issues/detail?id=131553
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15455
• http://code.google.com/p/chromium/issues/detail?id=132156
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15584
• http://code.google.com/p/chromium/issues/detail?id=132779
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15444
• http://code.google.com/p/chromium/issues/detail?id=118633
• http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html
• http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
• http://support.apple.com/kb/HT5400
• http://support.apple.com/kb/HT5503
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15662
• http://code.google.com/p/chromium/issues/detail?id=120222
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15264
• http://code.google.com/p/chromium/issues/detail?id=120944
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14771
• http://code.google.com/p/chromium/issues/detail?id=120977
• http://trac.webkit.org/changeset/117191
• http://trac.webkit.org/changeset/118410
• https://bugs.webkit.org/show_bug.cgi?id=85942
• https://chromiumcodereview.appspot.com/10444013
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14938
• http://code.google.com/p/chromium/issues/detail?id=121926
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15468
• http://code.google.com/p/chromium/issues/detail?id=122925
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15565