ASB-2012.0073 - [Win][UNIX/Linux] Google Chrome: Multiple vulnerabilities

Date: 16 May 2012
References: ESB-2012.0492  ESB-2012.0519  ESB-2012.0521  ESB-2012.0705  ESB-2012.0874  ESB-2012.0894  ESB-2012.0898  ESB-2013.0143.6  ESB-2013.1327  ESB-2014.0086  



===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2012.0073
     A number of vulnerabilities have been identified in Google Chrome
                                16 May 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Google Chrome
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
                      Provide Misleading Information  -- Remote with User Interaction
                      Unauthorised Access             -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2011-3102 CVE-2011-3101 CVE-2011-3100
                      CVE-2011-3099 CVE-2011-3098 CVE-2011-3097
                      CVE-2011-3096 CVE-2011-3095 CVE-2011-3094
                      CVE-2011-3093 CVE-2011-3092 CVE-2011-3091
                      CVE-2011-3090 CVE-2011-3089 CVE-2011-3088
                      CVE-2011-3087 CVE-2011-3086 CVE-2011-3085
                      CVE-2011-3084 CVE-2011-3083 
Member content until: Friday, June 15 2012

OVERVIEW

        A number of vulnerabilities have been identified in Google Chrome prior
        to Chrome 19. [1]


IMPACT

        Google has provided the following information:
        
        "[112983] Low CVE-2011-3083: Browser crash with video + FTP. Credit to
        Aki Helin of OUSPG.
        [113496] Low CVE-2011-3084: Load links from internal pages in their own
        process. Credit to Brett Wilson of the Chromium development community.
        [118374] Medium CVE-2011-3085: UI corruption with long autofilled
        values. Credit to psaldorn.
        [$1000] [118642] High CVE-2011-3086: Use-after-free with style element.
        Credit to Arthur Gerkis.
        [118664] Low CVE-2011-3087: Incorrect window navigation. Credit to
        Charlie Reis of the Chromium development community.
        [$500] [120648] Medium CVE-2011-3088: Out-of-bounds read in hairline
        drawing. Credit to Aki Helin of OUSPG.
        [$1000] [120711] High CVE-2011-3089: Use-after-free in table handling.
        Credit to miaubiz.
        [$500] [121223] Medium CVE-2011-3090: Race condition with workers.
        Credit to Arthur Gerkis.
        [121734] High CVE-2011-3091: Use-after-free with indexed DB. Credit to
        Google Chrome Security Team (Inferno).
        [$1000] [122337] High CVE-2011-3092: Invalid write in v8 regex. Credit
        to Christian Holler.
        [$500] [122585] Medium CVE-2011-3093: Out-of-bounds read in glyph
        handling. Credit to miaubiz.
        [122586] Medium CVE-2011-3094: Out-of-bounds read in Tibetan handling.
        Credit to miaubiz.
        [$1000] [123481] High CVE-2011-3095: Out-of-bounds write in OGG
        container. Credit to Hannu Heikkinen.
        [Linux only] [123530] Low CVE-2011-3096: Use-after-free in GTK omnibox
        handling. Credit to Arthur Gerkis.
        [123733] [124182] High CVE-2011-3097: Out-of-bounds write in sampled
        functions with PDF. Credit to Kostya Serebryany of Google and Evgeniy
        Stepanov of Google.
        [Windows only] [124216] Low CVE-2011-3098: Bad search path for Windows
        Media Player plug-in. Credit to Haifei Li of Microsoft and MSVR
        (MSVR:159).
        [124479] High CVE-2011-3099: Use-after-free in PDF with corrupt font
        encoding name. Credit to Mateusz Jurczyk of Google Security Team and
        Gynvael Coldwind of Google Security Team.
        [124652] Medium CVE-2011-3100: Out-of-bounds read drawing dash paths.
        Credit to Google Chrome Security Team (Inferno).
        [Linux only] [$500] [118970] Medium CVE-2011-3101: Work around Linux
        Nvidia driver bug. Credit to Aki Helin of OUSPG.
        [$1500] [125462] High CVE-2011-3102: Off-by-one out-of-bounds write in
        libxml. Credit to Jüri Aedla." [1]


MITIGATION

        Users should upgrade to Chrome 19. [1]


REFERENCES

        [1] Stable Channel Update
            http://googlechromereleases.blogspot.com.au/search/label/Stable%20updates

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================