SB2013030502 - Multiple vulnerabilities in Techland Chrome 




Published: March 5, 2013 Updated: January 25, 2023

Security Bulletin ID: SB2013030502
Severity: Medium
Patch available: YES
Number of vulnerabilities: 10
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Medium 90%, Low 10%

Description

This security bulletin contains information about 10 security vulnerabilities.


1) Improper Authentication (CVE-ID: CVE-2013-0910)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Google Chrome before 25.0.1364.152 does not properly manage the interaction between the browser process and renderer processes during authorization of the loading of a plug-in, which makes it easier for remote attackers to bypass intended access restrictions via vectors involving a blocked plug-in.


2) Path traversal (CVE-ID: CVE-2013-0911)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing directory traversal sequences in Google Chrome before 25.0.1364.152. A remote authenticated attacker can send a specially crafted HTTP request and have an unspecified impact via vectors related to databases.


3) Use-after-free (CVE-ID: CVE-2013-0902)

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing unknown vectors. A remote attacker can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.


4) Use-after-free (CVE-ID: CVE-2013-0903)

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors related to the handling of browser navigation. A remote attacker can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.


5) Buffer overflow (CVE-ID: CVE-2013-0904)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The Web Audio implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.


6) Use-after-free (CVE-ID: CVE-2013-0905)

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing vectors involving an SVG animation. A remote attacker can cause a denial of service or possibly have unspecified other impact.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.


7) Buffer overflow (CVE-ID: CVE-2013-0906)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The IndexedDB implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.


8) Race condition (CVE-ID: CVE-2013-0907)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Race condition in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media threads.


9) Input validation error (CVE-ID: CVE-2013-0908)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Google Chrome before 25.0.1364.152 does not properly manage bindings of extension processes, which has unspecified impact and attack vectors.


10) Cross-site scripting (CVE-ID: CVE-2013-0909)

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data when processing data passed via unspecified vectors. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


Remediation

Install the update from the vendor's website.
