===========================================================================
AUSCERT Security Bulletin

ASB-2012.0136
A number of vulnerabilities have been identified in Google Chrome
10 October 2012

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              Google Chrome
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact/Access:        Denial of Service -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2012-5111 CVE-2012-5110 CVE-2012-5109
                      CVE-2012-5108 CVE-2012-2900
Member content until: Friday, November 9 2012

OVERVIEW

        A number of vulnerabilities have been identified in Google Chrome
        prior to version 22.0.1229.92.

IMPACT

        The vendor has provided the following details regarding these
        vulnerabilities:

        "[$1000] [138208] High CVE-2012-2900: Crash in Skia text rendering.
        Credit to Atte Kettunen of OUSPG.

        [$3133.7] [147499] Critical CVE-2012-5108: Race condition in audio
        device handling. Credit to Atte Kettunen of OUSPG.

        [$500] [148692] Medium CVE-2012-5109: OOB read in ICU regex. Credit
        to Arthur Gerkis.

        [151449] Medium CVE-2012-5110: Out-of-bounds read in compositor.
        Credit to Google Chrome Security Team (Inferno).

        [151895] Low CVE-2012-5111: Plug-in crash monitoring was missing for
        Pepper plug-ins. Credit to Google Chrome Security Team (Chris
        Evans)." [1]

MITIGATION

        The vendor recommends updating Chrome to the latest version to
        correct these issues.

REFERENCES

        [1] Stable Channel Update
            http://googlechromereleases.blogspot.com.au/2012/10/stable-channel-update.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================