===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2011.0060
     A number of vulnerabilities have been identified in Google Chrome
                               3 August 2011

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Google Chrome
Operating System:     Windows
                      Linux variants
                      Mac OS X
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Access Privileged Data          -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
                      Reduced Security                -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2011-2819 CVE-2011-2818 CVE-2011-2805
                      CVE-2011-2804 CVE-2011-2803 CVE-2011-2802
                      CVE-2011-2801 CVE-2011-2800 CVE-2011-2799
                      CVE-2011-2798 CVE-2011-2797 CVE-2011-2796
                      CVE-2011-2795 CVE-2011-2794 CVE-2011-2793
                      CVE-2011-2792 CVE-2011-2791 CVE-2011-2790
                      CVE-2011-2789 CVE-2011-2788 CVE-2011-2787
                      CVE-2011-2786 CVE-2011-2785 CVE-2011-2784
                      CVE-2011-2783 CVE-2011-2782 CVE-2011-2361
                      CVE-2011-2360 CVE-2011-2359 CVE-2011-2358
Member content until: Friday, September 2 2011

OVERVIEW

        A number of vulnerabilities have been identified in Google Chrome
        prior to version 13.0.782.107.


IMPACT

        The vendor has provided the following details regarding these
        vulnerabilities:

        "[75821] Medium CVE-2011-2358: Always confirm an extension install via a browser dialog. Credit to Sergey Glazunov.
        [$1000 each] [78841] High CVE-2011-2359: Stale pointer due to bad line box tracking in rendering. Credit to miaubiz and Martin Barbella.
        [79266] Low CVE-2011-2360: Potential bypass of dangerous file prompt. Credit to kuzzcc.
        [79426] Low CVE-2011-2361: Improve designation of strings in the basic auth dialog. Credit to kuzzcc.
        [Linux only] [81307] Medium CVE-2011-2782: File permissions error with drag and drop. Credit to Evan Martin of the Chromium development community.
        [83273] Medium CVE-2011-2783: Always confirm a developer mode NPAPI extension install via a browser dialog. Credit to Sergey Glazunov.
        [83841] Low CVE-2011-2784: Local file path disclosure via GL program log. Credit to kuzzcc.
        [84402] Low CVE-2011-2785: Sanitize the homepage URL in extensions. Credit to kuzzcc.
        [84600] Low CVE-2011-2786: Make sure the speech input bubble is always on-screen. Credit to Olli Pettay of Mozilla.
        [84805] Medium CVE-2011-2787: Browser crash due to GPU lock re-entrancy issue. Credit to kuzzcc.
        [85559] Low CVE-2011-2788: Buffer overflow in inspector serialization. Credit to Mikołaj Małecki.
        [$500 each] [85808] Medium CVE-2011-2789: Use after free in Pepper plug-in instantiation. Credit to Mario Gomes and kuzzcc.
        [$1000] [86502] High CVE-2011-2790: Use-after-free with floating styles. Credit to miaubiz.
        [$1000] [86900] High CVE-2011-2791: Out-of-bounds write in ICU. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences.
        [$1000] [87148] High CVE-2011-2792: Use-after-free with float removal. Credit to miaubiz.
        [$1000] [87227] High CVE-2011-2793: Use-after-free in media selectors. Credit to miaubiz.
        [$500] [87298] Medium CVE-2011-2794: Out-of-bounds read in text iteration. Credit to miaubiz.
        [$500] [87339] Medium CVE-2011-2795: Cross-frame function leak. Credit to Shih Wei-Long.
        [87548] High CVE-2011-2796: Use-after-free in Skia. Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany of the Chromium development community.
        [$1000] [87729] High CVE-2011-2797: Use-after-free in resource caching. Credit to miaubiz.
        [87815] Low CVE-2011-2798: Prevent a couple of internal schemes from being web accessible. Credit to sirdarckcat of the Google Security Team.
        [$1000] [87925] High CVE-2011-2799: Use-after-free in HTML range handling. Credit to miaubiz.
        [$500] [88337] Medium CVE-2011-2800: Leak of client-side redirect target. Credit to Juho Nurminen.
        [$1000] [88591] High CVE-2011-2802: v8 crash with const lookups. Credit to Christian Holler.
        [88827] Medium CVE-2011-2803: Out-of-bounds read in Skia paths. Credit to Google Chrome Security Team (Inferno).
        [$1000] [88846] High CVE-2011-2801: Use-after-free in frame loader. Credit to miaubiz.
        [$1000] [88889] High CVE-2011-2818: Use-after-free in display box rendering. Credit to Martin Barbella.
        [$500] [89142] High CVE-2011-2804: PDF crash with nested functions. Credit to Aki Helin of OUSPG.
        [$1500] [89520] High CVE-2011-2805: Cross-origin script injection. Credit to Sergey Glazunov.
        [$1500] [90222] High CVE-2011-2819: Cross-origin violation in base URI handling. Credit to Sergey Glazunov." [1]


MITIGATION

        The vendor recommends upgrading to the latest version of Google
        Chrome to correct these issues. [1]


REFERENCES

        [1] Stable Channel Update
            http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation.  The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures.  AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================