Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT Security Bulletin
ASB-2012.0004
A number of vulnerabilities have been identified in Google Chrome
6 January 2012
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Google Chrome
Operating System: UNIX variants (UNIX, Linux, OSX)
Windows
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2011-3922 CVE-2011-3921 CVE-2011-3919
Member content until: Sunday, February 5 2012
OVERVIEW
A number of vulnerabilities have been identified in Google Chrome prior
to version 16.0.912.75. [1]
IMPACT
The vendor has provided the following details regarding these
vulnerabilities:
"[106672] High CVE-2011-3921: Use-after-free in animation frames.
Credit to Boris Zbarsky of Mozilla.
[107128] High CVE-2011-3919: Heap-buffer-overflow in libxml.
Credit to Jri Aedla.
[108006] High CVE-2011-3922: Stack-buffer-overflow in glyph handling.
Credit to Google Chrome Security Team (Cris Neckar)." [1]
MITIGATION
The vendor recommends upgrading to the latest version of Google Chrome
to correct these issues. [1]
REFERENCES
[1] Stable Channel Update
http://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBTwaMnO4yVqjM2NGpAQLC/Q/7BS8bmjPO6x+f92ju4lFS9onN9ZPfVWJN
gkgQGaalLw41sLZu2rEEW77z4/XjZAIaNFEOs5KJuUyzcEqxF7jT92KUSb0V5eCr
JfUWC6lLWVjatOFv7qdPwvfU06NAWzmQWapQbOKOFGwZ3zRya2p73bqSC/WIMJUy
4kuhX4EgJuOw4JLRbcDPU1lsDI3ytcDCNwzaTG79GvGuP3uaOc3Rw0iXrSVJ52JG
yf7yCH2jK3CeGzEY2bXAAdFbUxOTPrTfcXxgSMy40nI/M7huwjs/G2VSlZZnXt8n
hAtQLX9wRrVvc0umvDT6vgTENPqlWtSEmkJpsKvtB0tJSq1bt9LMF45HhYRhWmui
KQeW5pPo35MBpp76tVOKaiH7M5vF+pm/kN3Voz9v82/prVm0OaETfWzG6ngGr+Tz
XRrUoP3ZIfOpNeG8vCJHtY8UKzv9w52wP3FjlanSScYRxewsMpVMWE/IO2K7HEs5
1cjRjjttgKb1WtaeO8dNsyI/4iQxb82IFtSLcnC0RQPPcqwcGR3BBtW9Ewo7c9Hx
pdJGM/NHjZ8JHxzlj3p7AXB8Xfd7fVKwZPTDtX9KQfXWvcd0jCrcD0VxX8kWwMlm
ItwkW4sSP2ShZ4M50WxsNYqALpQR04/Rs4bCsbYONO5E1SwFqRo7w+iy5Dhe2NW8
Z3oYkCE2Iko=
=AD9W
-----END PGP SIGNATURE-----