Secunia Security Advisory 46049

Posted Nov 14, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue and some vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to conduct spoofing and cross-site scripting attacks, disclose sensitive information, bypass certain security restrictions, and compromise a user's system.

tags | advisory, spoof, vulnerability, xss
MD5 | 863051aab7feaed48e276559e5afe49c


TITLE:
Google Chrome Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA46049

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46049/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46049

RELEASE DATE:
2011-09-19


DESCRIPTION:
A security issue and some vulnerabilities have been reported in
Google Chrome, where some have an unknown impact and others can be
exploited by malicious people to conduct spoofing and cross-site
scripting attacks, disclose sensitive information, bypass certain
security restrictions, and compromise a user's system.

1) A race condition exists within the certificate cache.

2) An error within the Windows Media Player plugin can lead to
unintended access to system Flash.

3) An error exists within the v8 script object wrappers.

4) An unspecified error can be exploited to display arbitrary content
while showing the URL of a trusted web site in the address bar.

5) An error in the garbage collection component of the PDF plugin can
be exploited to corrupt memory.

6) The security issue is caused due to the Mac installer creating
lock files in an insecure manner.

NOTE: This only affects the Mac version.

7) An error within media buffers can be exploited to cause an
out-of-bounds read.

8) A use-after-free error exists within unload event handling.

9) A use-after-free error exists within the document loader.

10) An unspecified error when handling the forward button can be
exploited to display arbitrary content while showing the URL of a
trusted web site in the address bar.

11) An error within box handling can be exploited to cause an
out-of-bounds read.

12) An error within the handling of Khmer characters can be exploited
to cause an out-of-bounds read.

13) An error within video handling can be exploited to cause an
out-of-bounds read.

14) An off-by-one error exists within v8.

15) A use-after-free error exists within the plug-in handler.

16) A use-after-free error exists within ruby and table style
handling.

17) An error within stylesheet handling can lead to a stale node.

18) An unspecified error within v8 can be exploited to violate the
cross-origin policy.

19) A use-after-free error exists within the focus controller.

20) A double free error exists within the handling of libxml XPath.

21) An unspecified error can lead to incorrect permissions being
assigned to non-gallery pages.

22) A use-after-free error exists within table style handling.

23) An error within the PDF component can lead to a bad string read.

24) An unspecified error can lead to unintended access of v8 built-in
objects.

25) An error when handling Tibetan characters can be exploited to
cause an out-of-bounds read.

26) An error when handling triangle arrays can be exploited to cause
an out-of-bounds read.

27) A type confusion error exists within v8 object sealing.

SOLUTION:
Upgrade to version 14.0.835.163.
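
A check for hosts still below the fixed version named above, as an added example that is not part of the Secunia advisory. The inventory format (one "host version" pair per line), the host names and the sample rows are constructed for illustration.

```python
# Added example: flag Chrome installs older than the fixed release in SA46049.
FIXED = "14.0.835.163"  # fixed version from the advisory's SOLUTION section

# Constructed sample inventory: "<host> <chrome version>" per line.
SAMPLE_INVENTORY = """\
ws-001 14.0.835.163
ws-002 13.0.782.220
ws-003 14.0.835.94
ws-004 15.0.874.106
ws-005 14.0.835
ws-006 not-installed
"""

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a dotted numeric version."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4:
        return None
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    # Pad short versions with zeros so "14.0.835" sorts below "14.0.835.163".
    return tuple(nums + [0] * (4 - len(nums)))

def audit(inventory_text, fixed=FIXED):
    """Sort hosts into vulnerable / patched / unknown relative to the fixed build."""
    fixed_v = parse_version(fixed)
    report = {"vulnerable": [], "patched": [], "unknown": []}
    for line in inventory_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        host = fields[0]
        version = parse_version(fields[1]) if len(fields) == 2 else None
        if version is None:
            # Unparseable rows need manual follow-up; never assume "patched".
            report["unknown"].append(host)
        elif version < fixed_v:
            # Numeric compare: as plain strings "14.0.835.94" sorts ABOVE
            # "14.0.835.163", which would hide a vulnerable host.
            report["vulnerable"].append(host)
        else:
            report["patched"].append(host)
    return report

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```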

PROVIDED AND/OR DISCOVERED BY:
5) Mario Gomes (C4SS!0 G0M3S).
10) Jordi Chancel.

The vendor credits:
1) Ryan Sleevi, Chromium development community.
2) electronixtar.
3, 7) Kostya Serebryany, Chromium development community.
4) kuzzcc.
6) Aaron Sigel, vtty.com.
8, 17) Arthur Gerkis.
9, 11, 12, 19, 22) miaubiz.
13, 25, 26) Inferno, Google Chrome Security Team.
14, 27) Christian Holler.
15) SkyLined, Google Chrome Security Team.
16) Slawomir Blazek, miaubiz, and Inferno, Google Chrome Security
Team.
18) Daniel Divricean.
20) Yang Dingning, NCNIPC, Graduate University of Chinese Academy of
Sciences.
21) Bernhard 'Bruhns' Brehm, Recurity Labs.
23) Aki Helin, OUSPG.
24) Sergey Glazunov.

ORIGINAL ADVISORY:
Google:
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html

Jordi Chancel:
http://www.alternativ-testing.fr/blog/index.php?post/2011/Google-Chrome-Webkit-URL-Bar-Spoofing-SSL/TLS-Spoofing

Mario Gomes:
http://net-fuzzer.blogspot.com/2011/10/google-chrome-140835163-pdf-file.html

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
private users keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------
