SB2012092602 - Multiple vulnerabilities in Techland Chrome
Published: September 26, 2012 Updated: January 25, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 7 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2012-2892)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
Unspecified vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to bypass the pop-up blocker via unknown vectors.
2) Resource management error (CVE-ID: CVE-2012-2893)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms.
3) Resource management error (CVE-ID: CVE-2012-2894)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 22.0.1229.79 does not properly handle graphics-context data structures, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
4) Buffer overflow (CVE-ID: CVE-2012-2895)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The PDF functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger out-of-bounds write operations.
5) Input validation error (CVE-ID: CVE-2012-2875)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Multiple unspecified vulnerabilities in the PDF functionality in Google Chrome before 22.0.1229.79 allow remote attackers to have an unknown impact via a crafted document.
6) Use-after-free (CVE-ID: CVE-2012-2890)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing a crafted document. A remote attackers can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
7) Information disclosure (CVE-ID: CVE-2012-2891)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The IPC implementation in Google Chrome before 22.0.1229.79 allows attackers to obtain potentially sensitive information about memory addresses via unspecified vectors.
Remediation
Install update from vendor's website.
References
- http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html
- http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html
- https://code.google.com/p/chromium/issues/detail?id=144704
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78843
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15807
- http://git.chromium.org/gitweb/?p=chromium.git;a=commit;h=9a5da8e7d4b6f3454614b0331a51bf29c966f556
- http://secunia.com/advisories/50838
- http://www.debian.org/security/2012/dsa-2555
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:164
- https://chromiumcodereview.appspot.com/10919019
- https://code.google.com/p/chromium/issues/detail?id=144799
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15714
- https://src.chromium.org/viewvc/chrome?view=rev&revision=154331
- https://code.google.com/p/chromium/issues/detail?id=144899
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78830
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15855
- https://code.google.com/p/chromium/issues/detail?id=145029
- https://code.google.com/p/chromium/issues/detail?id=145157
- https://code.google.com/p/chromium/issues/detail?id=146460
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15773
- https://code.google.com/p/chromium/issues/detail?id=134955
- https://code.google.com/p/chromium/issues/detail?id=135488
- https://code.google.com/p/chromium/issues/detail?id=137106
- https://code.google.com/p/chromium/issues/detail?id=137288
- https://code.google.com/p/chromium/issues/detail?id=137302
- https://code.google.com/p/chromium/issues/detail?id=137547
- https://code.google.com/p/chromium/issues/detail?id=137556
- https://code.google.com/p/chromium/issues/detail?id=137606
- https://code.google.com/p/chromium/issues/detail?id=137635
- https://code.google.com/p/chromium/issues/detail?id=137880
- https://code.google.com/p/chromium/issues/detail?id=137928
- https://code.google.com/p/chromium/issues/detail?id=144579
- https://code.google.com/p/chromium/issues/detail?id=145079
- https://code.google.com/p/chromium/issues/detail?id=145121
- https://code.google.com/p/chromium/issues/detail?id=145163
- https://code.google.com/p/chromium/issues/detail?id=146462
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78836
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15627
- https://code.google.com/p/chromium/issues/detail?id=143798
- https://code.google.com/p/chromium/issues/detail?id=144072
- https://code.google.com/p/chromium/issues/detail?id=147402
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78841
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15766
- https://code.google.com/p/chromium/issues/detail?id=144051
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78842
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15484