===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2014.0018
      A number of vulnerabilities have been identified in Google Chrome
                             24 February 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Google Chrome
Operating System:     Windows
                      Mac OS
                      Linux variants
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                      Denial of Service               -- Remote/Unauthenticated
                      Access Confidential Data        -- Unknown/Unspecified   
                      Reduced Security                -- Unknown/Unspecified   
Resolution:           Patch/Upgrade
CVE Names:            CVE-2013-6661 CVE-2013-6660 CVE-2013-6659
                      CVE-2013-6658 CVE-2013-6657 CVE-2013-6656
                      CVE-2013-6655 CVE-2013-6654 CVE-2013-6653
                      CVE-2013-6652  
Member content until: Wednesday, March 26 2014

OVERVIEW

        A number of vulnerabilities have been identified in Google Chrome prior
        to version 33.0.1750.117 for Windows, Mac and Linux.


IMPACT

        The vendor has provided the following details regarding these 
        vulnerabilities:
        
        "This update includes 28 security fixes. Below, we highlight fixes 
        that were either contributed by external researchers or particularly 
        interesting. Please see the Chromium security page for more 
        information. 
        
        [$2000][334897] High CVE-2013-6652: Issue with relative paths in 
        Windows sandbox named pipe policy. Credit to tyranid.
        [$1000][331790] High CVE-2013-6653: Use-after-free related to web 
        contents. Credit to Khalil Zhani.
        [$3000][333176] High CVE-2013-6654: Bad cast in SVG. Credit to 
        TheShow3511.
        [$3000][293534] High CVE-2013-6655: Use-after-free in layout. Credit 
        to cloudfuzzer.
        [$500][331725] High CVE-2013-6656: Information leak in XSS auditor. 
        Credit to NeexEmil.
        [$1000][331060] Medium CVE-2013-6657: Information leak in XSS 
        auditor. Credit to NeexEmil.
        [$2000][322891] Medium CVE-2013-6658: Use-after-free in layout. 
        Credit to cloudfuzzer.
        [$1000][306959] Medium CVE-2013-6659: Issue with certificates 
        validation in TLS handshake. Credit to Antoine Delignat-Lavaud and 
        Karthikeyan Bhargavan from Prosecco, Inria Paris.
        
        [332579] Low CVE-2013-6660: Information leak in drag and drop. Credit 
        to bishopjeffreys.
        
        As usual, our ongoing internal security work was responsible for a wide 
        range of fixes:
        [344876] Low-High CVE-2013-6661: Various fixes from internal audits, 
        fuzzing and other initiatives. Of these, seven are fixes for issues 
        that could have allowed for sandbox escapes from compromised 
        renderers.
        
        Many of the above bugs were detected using AddressSanitizer."


MITIGATION

        The vendor recommends updating to the latest version of 
        Google Chrome to correct these issues. [1]
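        A triage helper added here (not part of the AusCERT bulletin or of
        Google's release tooling) that checks reported Chrome version strings
        against the fixed build named in this bulletin, 33.0.1750.117; the
        host names and versions in the sample inventory are constructed.

```python
import re

# Fixed build named in this bulletin (ASB-2014.0018); earlier builds are affected.
FIXED_VERSION = "33.0.1750.117"

def parse_version(version):
    """Parse a dotted numeric version into an int tuple; reject anything else
    so malformed inventory data is never silently treated as patched."""
    text = version.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(part) for part in text.split("."))

def compare_versions(a, b):
    """Return -1, 0 or 1 comparing a to b; shorter tuples are zero-padded,
    so a truncated '33.0.1750' compares as 33.0.1750.0 (still affected)."""
    ta, tb = parse_version(a), parse_version(b)
    width = max(len(ta), len(tb))
    ta += (0,) * (width - len(ta))
    tb += (0,) * (width - len(tb))
    return (ta > tb) - (ta < tb)

def is_affected(installed, fixed=FIXED_VERSION):
    """True when the installed build predates the fixed build."""
    return compare_versions(installed, fixed) < 0

def triage(inventory, fixed=FIXED_VERSION):
    """Map host -> 'affected' / 'patched' / 'unknown' for {host: version}."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version, fixed) else "patched"
        except ValueError:
            result[host] = "unknown"  # unparsable report needs manual follow-up
    return result

# Constructed sample inventory (hypothetical hosts and reported versions).
SAMPLE_INVENTORY = {
    "ws-01": "32.0.1700.107",   # older stable build
    "ws-02": "33.0.1750.117",   # exactly the fixed build
    "ws-03": "33.0.1750.146",   # later build
    "ws-04": "33.0.1750",       # truncated report
    "ws-05": "unknown",         # agent returned no version
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```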


REFERENCES

        [1] Stable Channel Update
            http://googlechromereleases.blogspot.com.au/2014/02/stable-channel-update_20.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================