Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2012.0004 A number of vulnerabilities have been identified in Google Chrome 6 January 2012 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Google Chrome Operating System: UNIX variants (UNIX, Linux, OSX) Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2011-3922 CVE-2011-3921 CVE-2011-3919 Member content until: Sunday, February 5 2012 OVERVIEW A number of vulnerabilities have been identified in Google Chrome prior to version 16.0.912.75. [1] IMPACT The vendor has provided the following details regarding these vulnerabilities: "[106672] High CVE-2011-3921: Use-after-free in animation frames. Credit to Boris Zbarsky of Mozilla. [107128] High CVE-2011-3919: Heap-buffer-overflow in libxml. Credit to Jri Aedla. [108006] High CVE-2011-3922: Stack-buffer-overflow in glyph handling. Credit to Google Chrome Security Team (Cris Neckar)." [1] MITIGATION The vendor recommends upgrading to the latest version of Google Chrome to correct these issues. [1] REFERENCES [1] Stable Channel Update http://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBTwaMnO4yVqjM2NGpAQLC/Q/7BS8bmjPO6x+f92ju4lFS9onN9ZPfVWJN gkgQGaalLw41sLZu2rEEW77z4/XjZAIaNFEOs5KJuUyzcEqxF7jT92KUSb0V5eCr JfUWC6lLWVjatOFv7qdPwvfU06NAWzmQWapQbOKOFGwZ3zRya2p73bqSC/WIMJUy 4kuhX4EgJuOw4JLRbcDPU1lsDI3ytcDCNwzaTG79GvGuP3uaOc3Rw0iXrSVJ52JG yf7yCH2jK3CeGzEY2bXAAdFbUxOTPrTfcXxgSMy40nI/M7huwjs/G2VSlZZnXt8n hAtQLX9wRrVvc0umvDT6vgTENPqlWtSEmkJpsKvtB0tJSq1bt9LMF45HhYRhWmui KQeW5pPo35MBpp76tVOKaiH7M5vF+pm/kN3Voz9v82/prVm0OaETfWzG6ngGr+Tz XRrUoP3ZIfOpNeG8vCJHtY8UKzv9w52wP3FjlanSScYRxewsMpVMWE/IO2K7HEs5 1cjRjjttgKb1WtaeO8dNsyI/4iQxb82IFtSLcnC0RQPPcqwcGR3BBtW9Ewo7c9Hx pdJGM/NHjZ8JHxzlj3p7AXB8Xfd7fVKwZPTDtX9KQfXWvcd0jCrcD0VxX8kWwMlm ItwkW4sSP2ShZ4M50WxsNYqALpQR04/Rs4bCsbYONO5E1SwFqRo7w+iy5Dhe2NW8 Z3oYkCE2Iko= =AD9W -----END PGP SIGNATURE-----