===========================================================================
AUSCERT Security Bulletin

ASB-2012.0121
A number of vulnerabilities have been identified in Google Chrome
3 September 2012
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              Google Chrome
Operating System:     Linux variants
                      Mac OS X
                      Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2012-2872 CVE-2012-2871 CVE-2012-2870
                      CVE-2012-2869 CVE-2012-2868 CVE-2012-2867
                      CVE-2012-2866 CVE-2012-2865
Member content until: Wednesday, October 3 2012

OVERVIEW

A number of vulnerabilities have been identified in Google Chrome prior
to version 21.0.1180.89. [1]

IMPACT

The vendor has provided the following details regarding these
vulnerabilities:

"[$500] [121347] Medium CVE-2012-2865: Out-of-bounds read in line
breaking. Credit to miaubiz.

[$1000] [134897] High CVE-2012-2866: Bad cast with run-ins. Credit to
miaubiz.

[135485] Low CVE-2012-2867: Browser crash with SPDY.

[$500] [136881] Medium CVE-2012-2868: Race condition with workers and
XHR. Credit to miaubiz.

[137778] High CVE-2012-2869: Avoid stale buffer in URL loading. Credit
to Fermin Serna of the Google Security Team.

[138672] [140368] Low CVE-2012-2870: Lower severity memory management
issues in XPath. Credit to Nicolas Gregoire.

[$1000] [138673] High CVE-2012-2871: Bad cast in XSL transforms. Credit
to Nicolas Gregoire.

[$500] [142956] Medium CVE-2012-2872: XSS in SSL interstitial. Credit to
Emmanuel Bronshtein." [1]

MITIGATION

The vendor recommends updating to the latest version of Chrome to
correct these issues. [1]

REFERENCES

[1] Stable Channel Update
    http://googlechromereleases.blogspot.com.au/2012/08/stable-channel-update_30.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================