===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2011.0060
     A number of vulnerabilities have been identified in Google Chrome
                               3 August 2011

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Google Chrome
Operating System:     Windows
                      Linux variants
                      Mac OS X
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Access Privileged Data          -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
                      Reduced Security                -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2011-2819 CVE-2011-2818 CVE-2011-2805
                      CVE-2011-2804 CVE-2011-2803 CVE-2011-2802
                      CVE-2011-2801 CVE-2011-2800 CVE-2011-2799
                      CVE-2011-2798 CVE-2011-2797 CVE-2011-2796
                      CVE-2011-2795 CVE-2011-2794 CVE-2011-2793
                      CVE-2011-2792 CVE-2011-2791 CVE-2011-2790
                      CVE-2011-2789 CVE-2011-2788 CVE-2011-2787
                      CVE-2011-2786 CVE-2011-2785 CVE-2011-2784
                      CVE-2011-2783 CVE-2011-2782 CVE-2011-2361
                      CVE-2011-2360 CVE-2011-2359 CVE-2011-2358
Member content until: Friday, September  2 2011

OVERVIEW

        A number of vulnerabilities have been identified in Google Chrome
        prior to version 13.0.782.107.


IMPACT

        The vendor has provided the following details regarding these
        vulnerabilities:
        
        "[75821] Medium CVE-2011-2358: Always confirm an extension install via 
         a browser dialog. Credit to Sergey Glazunov.
         [$1000 each] [78841] High CVE-2011-2359: Stale pointer due to bad line 
         box tracking in rendering. Credit to miaubiz and Martin Barbella.
         [79266] Low CVE-2011-2360: Potential bypass of dangerous file prompt. 
         Credit to kuzzcc.
         [79426] Low CVE-2011-2361: Improve designation of strings in the basic 
         auth dialog. Credit to kuzzcc.
         [Linux only] [81307] Medium CVE-2011-2782: File permissions error 
         with drag and drop. Credit to Evan Martin of the Chromium development 
         community.
         [83273] Medium CVE-2011-2783: Always confirm a developer mode NPAPI 
         extension install via a browser dialog. Credit to Sergey Glazunov.
         [83841] Low CVE-2011-2784: Local file path disclosure via GL program 
         log. Credit to kuzzcc.
         [84402] Low CVE-2011-2785: Sanitize the homepage URL in extensions. 
         Credit to kuzzcc.
         [84600] Low CVE-2011-2786: Make sure the speech input bubble is 
         always on-screen. Credit to Olli Pettay of Mozilla.
         [84805] Medium CVE-2011-2787: Browser crash due to GPU lock 
         re-entrancy issue. Credit to kuzzcc.
         [85559] Low CVE-2011-2788: Buffer overflow in inspector serialization. 
         Credit to Mikołaj Małecki.
         [$500 each] [85808] Medium CVE-2011-2789: Use after free in Pepper 
         plug-in instantiation. Credit to Mario Gomes and kuzzcc.
         [$1000] [86502] High CVE-2011-2790: Use-after-free with floating
         styles. Credit to miaubiz.
         [$1000] [86900] High CVE-2011-2791: Out-of-bounds write in ICU. Credit 
         to Yang Dingning from NCNIPC, Graduate University of Chinese Academy 
         of Sciences.
         [$1000] [87148] High CVE-2011-2792: Use-after-free with float removal. 
         Credit to miaubiz.
         [$1000] [87227] High CVE-2011-2793: Use-after-free in media selectors. 
         Credit to miaubiz.
         [$500] [87298] Medium CVE-2011-2794: Out-of-bounds read in text 
         iteration. Credit to miaubiz.
         [$500] [87339] Medium CVE-2011-2795: Cross-frame function leak. Credit 
         to Shih Wei-Long.
         [87548] High CVE-2011-2796: Use-after-free in Skia. Credit to Google 
         Chrome Security Team (Inferno) and Kostya Serebryany of the Chromium 
         development community.
         [$1000] [87729] High CVE-2011-2797: Use-after-free in resource caching. 
         Credit to miaubiz.
         [87815] Low CVE-2011-2798: Prevent a couple of internal schemes from 
         being web accessible. Credit to sirdarckcat of the Google Security 
         Team.
         [$1000] [87925] High CVE-2011-2799: Use-after-free in HTML range 
         handling. Credit to miaubiz.
         [$500] [88337] Medium CVE-2011-2800: Leak of client-side redirect 
         target. Credit to Juho Nurminen.
         [$1000] [88591] High CVE-2011-2802: v8 crash with const lookups. 
         Credit to Christian Holler.
         [88827] Medium CVE-2011-2803: Out-of-bounds read in Skia paths. 
         Credit to Google Chrome Security Team (Inferno).
         [$1000] [88846] High CVE-2011-2801: Use-after-free in frame loader. 
         Credit to miaubiz.
         [$1000] [88889] High CVE-2011-2818: Use-after-free in display box 
         rendering. Credit to Martin Barbella.
         [$500] [89142] High CVE-2011-2804: PDF crash with nested functions. 
         Credit to Aki Helin of OUSPG.
         [$1500] [89520] High CVE-2011-2805: Cross-origin script injection. 
         Credit to Sergey Glazunov.
         [$1500] [90222] High CVE-2011-2819: Cross-origin violation in base 
         URI handling. Credit to Sergey Glazunov." [1]


MITIGATION

        The vendor recommends upgrading to the latest version of Google Chrome
        to correct these issues. [1]


REFERENCES

        [1] Stable Channel Update
            http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================