===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2012.0164
     A number of vulnerabilities have been identified in Google Chrome
                             28 November 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Google Chrome
Operating System:     Windows
                      OS X
                      Linux variants
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2012-5136 CVE-2012-5135 CVE-2012-5134
                      CVE-2012-5133 CVE-2012-5132 CVE-2012-5131
                      CVE-2012-5130
Member content until: Friday, December 28 2012

OVERVIEW

        A number of vulnerabilities have been identified in Google Chrome
        prior to version 23.0.1271.91.


IMPACT

        The vendor has provided the following details regarding these
        vulnerabilities:

        "[$1000] [152746] High CVE-2012-5131: Corrupt rendering in the Apple
        OSX driver for Intel GPUs. Credit to Justin Drake.

        [$1000] [156567] High CVE-2012-5133: Use-after-free in SVG filters.
        Credit to miaubiz.

        [$500] [148638] Medium CVE-2012-5130: Out-of-bounds read in Skia.
        Credit to Atte Kettunen of OUSPG.

        [155711] Low CVE-2012-5132: Browser crash with chunked encoding.
        Credit to Attila Szász.

        [158249] High CVE-2012-5134: Buffer underflow in libxml. Credit to
        Google Chrome Security Team (Jüri Aedla).

        [159165] Medium CVE-2012-5135: Use-after-free with printing. Credit
        to Fermin Serna of Google Security Team.

        [159829] Medium CVE-2012-5136: Bad cast in input element handling.
        Credit to Google Chrome Security Team (Inferno)." [1]


MITIGATION

        The vendor recommends updating to the latest version of Google
        Chrome to correct this issue. [1]


REFERENCES

        [1] Stable Channel Update
            http://googlechromereleases.blogspot.nl/search/label/Stable%20updates

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation.  The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures.  AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.