Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT Security Bulletin
ASB-2013.0114
A number of vulnerabilities have been identified in Google Chrome
16 October 2013
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Google Chrome
Operating System: Windows
OS X
Linux variants
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Denial of Service -- Remote with User Interaction
Reduced Security -- Unknown/Unspecified
Resolution: Patch/Upgrade
CVE Names: CVE-2013-2928 CVE-2013-2927 CVE-2013-2926
CVE-2013-2925
Member content until: Friday, November 15 2013
OVERVIEW
A number of vulnerabilities have been identified in Google Chrome
prior to version 30.0.1599.101. [1]
IMPACT
The vendor has provided the following details regarding these
vulnerabilities:
"[$1000][292422] High CVE-2013-2925: Use after free in XHR. Credit to
Atte Kettunen of OUSPG.
[$2000][294456] High CVE-2013-2926: Use after free in editing. Credit
to cloudfuzzer.
[$2000][297478] High CVE-2013-2927: Use after free in forms. Credit to
cloudfuzzer.
As usual, our ongoing internal security work responsible for a wide
range of fixes:
*[305790] CVE-2013-2928: Various fixes from internal audits, fuzzing
and other initiatives." [1]
MITIGATION
The vendor recommends updating to the latest version of Chrome to
correct these issues. [1]
REFERENCES
[1] Stable Channel Update
http://googlechromereleases.blogspot.com.au/2013/10/stable-channel-update_15.html
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBUl4NRxLndAQH1ShLAQLmHg/7BY1S3YP9sEW3L8pOP+l742fiKkvDnghS
U+xFozzFNA64IN5iJSAiqNBhYYuUreNrcCKm9f+xOuIWN/igxArfPJnpkyXUk2oz
Ws1bvdH1IkGqpEhHXcRN80RfDC3bhS36/OOcCeA2ZscgdOk2KfRBRPcX5oQ2UFyt
VU2VQOZChz6h3ZfITB06U5aHu/OpuqLWCLMhmfqi4nP607+AeDPTysotnup/4Bv4
2l99vH2a7Z+GsJmHAU7294nE4vywoO6R5b6TXLNoT+wBashlfBot9fKB0XbUVafn
QqEdWF929zVYqz/rhqJrsGqFevEQAoXXQIWNoZML7zEw4eaRAoRsHjBYTM5o+cMb
eKr/EE3iEQSDURVkX+qiefBbBSGdQXFSuiUWPVkxLO/YSdQyjAihvxA+vYhaFr3/
kDqyfIs3c/RjgIk1+wyEe9ebWpfu9D2vlEQMWPFHIdhi6hbURfy3rpRIRbTRyuN7
gkuSWL/7l1zMbUz/xdi0OQXAEOm8cAsET89ncULZeprHinjTNkAZnc7yS0xOAFi7
Vs+bBm0HSAGrjlv2Cxab9uvsNxF/lVKyCkbSnuA/fpx3k084D9eZe6H4t6wLhDCt
hnOLEI+j81joBWouAshgB3b35yunHASJBcTp0VI1dKHUjeuRqY58Ac1LjBHEtXKK
Ws9hpVocIro=
=nnfz
-----END PGP SIGNATURE-----