ASB-2012.0096 - [Win][UNIX/Linux] Google Chrome: Multiple vulnerabilities

Date: 28 June 2012
References: ESB-2012.0705  ESB-2012.0737  ESB-2012.0874  ESB-2012.0885  ESB-2012.0894  ESB-2012.0898  ESB-2012.0900  ESB-2013.0116  ESB-2013.0143.6  ESB-2013.0391  
ESB-2013.0705  ESB-2013.1327  ESB-2013.1575  ESB-2014.0086  


                         AUSCERT Security Bulletin

     A number of vulnerabilities have been identified in Google Chrome
                               28 June 2012


        AusCERT Security Bulletin Summary

Product:              Google Chrome
Operating System:     Windows
                      UNIX variants (UNIX, Linux, OSX)
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
                      Access Confidential Data        -- Remote with User Interaction
                      Reduced Security                -- Unknown/Unspecified         
Resolution:           Patch/Upgrade
CVE Names:            CVE-2012-2834 CVE-2012-2833 CVE-2012-2832
                      CVE-2012-2831 CVE-2012-2830 CVE-2012-2829
                      CVE-2012-2828 CVE-2012-2827 CVE-2012-2826
                      CVE-2012-2825 CVE-2012-2824 CVE-2012-2823
                      CVE-2012-2822 CVE-2012-2821 CVE-2012-2820
                      CVE-2012-2819 CVE-2012-2818 CVE-2012-2817
                      CVE-2012-2816 CVE-2012-2815 CVE-2012-2807
Member content until: Saturday, July 28 2012


        A number of vulnerabilities have been identified in Google Chrome prior
        to 20.0.1132.43.[1]


        The following information is available on Google's website:
        "[118633] Low CVE-2012-2815: Leak of iframe fragment id. Credit to
        Elie Bursztein of Google.
        [Windows only] [119150] [119250] High CVE-2012-2816: Prevent sandboxed
        processes interfering with each other. Credit to Google Chrome Security
        Team (Justin Schuh).
        [$1000] [120222] High CVE-2012-2817: Use-after-free in table section
        handling. Credit to miaubiz.
        [$1000] [120944] High CVE-2012-2818: Use-after-free in counter layout.
        Credit to miaubiz.
        [120977] High CVE-2012-2819: Crash in texture handling. Credit to Ken
        "gets" Russell of the Chromium development community.
        [121926] Medium CVE-2012-2820: Out-of-bounds read in SVG filter
        handling. Credit to Atte Kettunen of OUSPG.
        [122925] Medium CVE-2012-2821: Autofill display problem. Credit to
        [various] Medium CVE-2012-2822: Misc. lower severity OOB read issues
        in PDF. Credit to awesome ASAN and various Googlers (Kostya Serebryany,
        Evgeniy Stepanov, Mateusz Jurczyk, Gynvael Coldwind).
        [$1000] [124356] High CVE-2012-2823: Use-after-free in SVG resource
        handling. Credit to miaubiz.
        [$1000] [125374] High CVE-2012-2824: Use-after-free in SVG painting.
        Credit to miaubiz.
        [128688] Medium CVE-2012-2826: Out-of-bounds read in texture
        conversion. Credit to Google Chrome Security Team (Inferno).
        [Mac only] [129826] Low CVE-2012-2827: Use-after-free in Mac UI. Credit
        to the Chromium development community (Dharani Govindan).
        [129857] High CVE-2012-2828: Integer overflows in PDF. Credit to
        Mateusz Jurczyk of Google Security Team and Google Chrome Security Team
        (Chris Evans).
        [$1000] [129947] High CVE-2012-2829: Use-after-free in first-letter
        handling. Credit to miaubiz.
        [$1000] [129951] High CVE-2012-2830: Wild pointer in array value
        setting. Credit to miaubiz.
        [Windows only] [130276] Low CVE-2012-2764: Unqualified load of metro
        DLL. Credit to Moshe Zioni of Comsec Consulting.
        [$1000] [130356] High CVE-2012-2831: Use-after-free in SVG reference
        handling. Credit to miaubiz.
        [131553] High CVE-2012-2832: Uninitialized pointer in PDF image codec.
        Credit to Mateusz Jurczyk of Google Security Team.
        [132156] High CVE-2012-2833: Buffer overflow in PDF JS API. Credit to
        Mateusz Jurczyk of Google Security Team.
        [$1000] [132779] High CVE-2012-2834: Integer overflow in Matroska
        container. Credit to Jüri Aedla.
        [$500] [127417] Medium CVE-2012-2825: Wild read in XSL handling. Credit
        to Nicholas Gregoire.
        [64-bit Linux only] [$3000] [129930] High CVE-2012-2807: Integer
        overflows in libxml. Credit to Jüri Aedla."[1]


        Users should update to the latest version of Chrome.[1]


        [1] Stable Channel Update

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email:
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.