16 October 2013
===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2013.0114
     A number of vulnerabilities have been identified in Google Chrome
                              16 October 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Google Chrome
Operating System:     Windows
                      OS X
                      Linux variants
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
                      Reduced Security                -- Unknown/Unspecified
Resolution:           Patch/Upgrade
CVE Names:            CVE-2013-2928 CVE-2013-2927 CVE-2013-2926
                      CVE-2013-2925
Member content until: Friday, November 15 2013

OVERVIEW

        A number of vulnerabilities have been identified in Google Chrome
        prior to version 30.0.1599.101.

IMPACT

        The vendor has provided the following details regarding these
        vulnerabilities:

        "[$1000] High CVE-2013-2925: Use after free in XHR. Credit to Atte
        Kettunen of OUSPG.

        [$2000] High CVE-2013-2926: Use after free in editing. Credit to
        cloudfuzzer.

        [$2000] High CVE-2013-2927: Use after free in forms. Credit to
        cloudfuzzer.

        As usual, our ongoing internal security work responsible for a wide
        range of fixes:

        * CVE-2013-2928: Various fixes from internal audits, fuzzing and
          other initiatives."

MITIGATION

        The vendor recommends updating to the latest version of Chrome to
        correct these issues.

REFERENCES

        Stable Channel Update
        http://googlechromereleases.blogspot.com.au/2013/10/stable-channel-update_15.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: firstname.lastname@example.org
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
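
The bulletin's OVERVIEW marks every Chrome build prior to 30.0.1599.101 as affected. The following is an added example, not part of the AusCERT bulletin or of any vendor tooling: it triages a software inventory against that fixed version using numeric comparison of the four version fields. The host names and the sample builds are constructed for illustration.

```python
import re

# Fixed release named in the bulletin; builds below it are affected.
FIXED = (30, 0, 1599, 101)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Return a 4-tuple of ints for a Chrome version string, or None if malformed."""
    m = _VERSION_RE.fullmatch(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def needs_update(version_text):
    """True if the build predates FIXED; None if the string cannot be parsed.

    Fields are compared as integers. Comparing the raw strings would rank
    "30.0.1599.66" above "30.0.1599.101" (because "6" > "1") and miss it.
    """
    v = parse_version(version_text)
    return None if v is None else v < FIXED

def triage(inventory):
    """Split {host: version} into (vulnerable, patched, unknown) host lists."""
    vulnerable, patched, unknown = [], [], []
    for host, ver in sorted(inventory.items()):
        verdict = needs_update(ver)
        if verdict is None:
            unknown.append(host)      # never assume an unparsed host is safe
        elif verdict:
            vulnerable.append(host)
        else:
            patched.append(host)
    return vulnerable, patched, unknown

# Constructed sample inventory (hypothetical hosts and builds).
SAMPLE = {
    "ws-01": "30.0.1599.66",    # earlier build of the same milestone
    "ws-02": "30.0.1599.101",   # the fixed release
    "ws-03": "29.0.1547.76",
    "ws-04": "31.0.1650.26",
    "ws-05": "unknown",         # inventory agent returned no version
}

if __name__ == "__main__":
    vulnerable, patched, unknown = triage(SAMPLE)
    print("update required:", vulnerable)
    print("at or above fixed build:", patched)
    print("needs manual check:", unknown)
```

Hosts whose version cannot be parsed are reported separately so they are checked by hand rather than counted as patched.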