-----BEGIN PGP SIGNED MESSAGE-----
AUSCERT Security Bulletin
New Google Chrome released fixing fourteen vulnerabilities
10 June 2011
AusCERT Security Bulletin Summary
Product:              Google Chrome
Operating System:     Windows
                      UNIX variants (UNIX, Linux, OSX)
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Denial of Service -- Remote with User Interaction
                      Access Confidential Data -- Remote with User Interaction
CVE Names:            CVE-2011-2342 CVE-2011-2332 CVE-2011-1819
                      CVE-2011-1818 CVE-2011-1817 CVE-2011-1816
                      CVE-2011-1815 CVE-2011-1814 CVE-2011-1813
                      CVE-2011-1812 CVE-2011-1811 CVE-2011-1810
Member content until: Sunday, July 10 2011
Google has released an update to Chrome to correct multiple
vulnerabilities. Google Chrome is now version 12.0.742.91.
High CVE-2011-1808: Use-after-free due to integer issues in float
handling. Credit to miaubiz. 
Medium CVE-2011-1809: Use-after-free in accessibility support.
Credit to Google Chrome Security Team (SkyLined). 
Low CVE-2011-1810: Visit history information leak in CSS. Credit to
Jesse Mohrland of Microsoft and Microsoft Vulnerability Research
Low CVE-2011-1811: Browser crash with lots of form submissions.
Credit to DimitrisV22. 
Medium CVE-2011-1812: Extensions permission bypass. Credit to kuzzcc.
High CVE-2011-1813: Stale pointer in extension framework. Credit to
Google Chrome Security Team (Inferno). 
Medium CVE-2011-1814: Read from uninitialized pointer. Credit to
Eric Roman of the Chromium development community. 
Low CVE-2011-1815: Extension script injection into new tab page.
Credit to kuzzcc. 
Medium CVE-2011-1816: Use-after-free in developer tools. Credit to
Medium CVE-2011-1817: Browser memory corruption in history deletion.
Credit to Collin Payne. 
High CVE-2011-1818: Use-after-free in image loader. Credit to
Medium CVE-2011-1819: Extension injection into chrome:// pages.
Credit to Vladislavas Jarmalis, plus subsequent independent
discovery by Sergey Glazunov. 
High CVE-2011-2332: Same origin bypass in v8. Credit to Sergey
High CVE-2011-2342: Same origin bypass in DOM. Credit to Sergey
Ensure that Chrome has updated to 12.0.742.91 or higher.
 Chrome Stable Release
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
Australian Computer Emergency Response Team
The University of Queensland
Internet Email: firstname.lastname@example.org
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----