AUSCERT Security Bulletin
Google have released an update for Chrome, correcting
several security vulnerabilities
17 January 2011
AusCERT Security Bulletin Summary
Product:           Google Chrome prior to 8.0.552.237
Operating System:  Windows
                   Mac OS X
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service -- Remote with User Interaction
CVE Names:         CVE-2011-0485 CVE-2011-0484 CVE-2011-0483
                   CVE-2011-0482 CVE-2011-0481 CVE-2011-0480
                   CVE-2011-0479 CVE-2011-0478 CVE-2011-0477
                   CVE-2011-0476 CVE-2011-0475 CVE-2011-0474
                   CVE-2011-0473 CVE-2011-0472 CVE-2011-0471
Member content until: Sunday, February 13 2011
Revision History:  January 17 2011: Added CVE references
                   January 14 2011: Initial Release
Google have released an update for Chrome, correcting several security
vulnerabilities.
The vendor has provided the following information regarding these
"*  Medium Browser crash in extensions notification handling.
Credit to Eric Roman of the Chromium development community.
* [$1337]  High Bad pointer handling in node iteration.
Credit to Sergey Glazunov.
*  High Crashes when printing multi-page PDFs. Credit to
Google Chrome Security Team (Chris Evans).
* [$1000]  High Stale pointer with CSS + canvas. Credit to
* [$500]  High Stale pointer with CSS + cursors. Credit to
*  High Use after free in PDF page handling. Credit to Google
Chrome Security Team (Chris Evans).
* [$1000]  High Stack corruption after PDF out-of-memory
condition. Credit to Jared Allar of CERT.
* [$1000]  High Bad memory access with mismatched video frame
sizes. Credit to Aki Helin of OUSPG; plus independent discovery by
Google Chrome Security Team (SkyLined) and David Warren of CERT.
* [$500]  High Stale pointer with SVG use element. Credited
anonymously; plus independent discovery by miaubiz.
* [$1000]  Medium Uninitialized pointer in the browser
triggered by rogue extension. Credit to kuzzcc.
* [$1000]  High Vorbis decoder buffer overflows. Credit to
David Warren of CERT.
* [$1000]  High Buffer overflow in PDF shading. Credit to
Aki Helin of OUSPG.
* [$1000]  High Bad cast in anchor handling. Credit to Sergey
* [$1000]  High Bad cast in video handling. Credit to Sergey
* [$1000]  High Stale rendering node after DOM node removal.
Credit to Martin Barbella; plus independent discovery by Google
Chrome Security Team (SkyLined).
* [$3133.7]  Critical Stale pointer in speech handling. Credit
to Sergey Glazunov." 
The latest version of Google Chrome (currently 8.0.552.237) can be
downloaded from the vendor's website. 
The update can also be applied from within Google Chrome using
the built-in update feature.
 Chrome Stable Release
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
Australian Computer Emergency Response Team
The University of Queensland
Internet Email: email@example.com
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.