-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
AUSCERT Security Bulletin

ASB-2014.0061
A number of vulnerabilities have been identified in Google Chrome
21 May 2014

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              Google Chrome
Operating System:     Windows
                      OS X
                      Linux variants
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Cross-site Scripting            -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
                      Provide Misleading Information  -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2014-3152 CVE-2014-1749 CVE-2014-1748
                      CVE-2014-1747 CVE-2014-1746 CVE-2014-1745
                      CVE-2014-1744 CVE-2014-1743
Member content until: Friday, June 20 2014

OVERVIEW

        A number of vulnerabilities have been identified in Google Chrome
        prior to version 35.0.1916.114 for Mac and Windows and Linux.

IMPACT

        The vendor has provided the following details regarding these
        vulnerabilities:

        "[$3000][356653] High CVE-2014-1743: Use-after-free in styles.
        Credit to cloudfuzzer.

        [$3000][359454] High CVE-2014-1744: Integer overflow in audio.
        Credit to Aaron Staple.

        [$1000][346192] High CVE-2014-1745: Use-after-free in SVG.
        Credit to Atte Kettunen of OUSPG.

        [$1000][364065] Medium CVE-2014-1746: Out-of-bounds read in media
        filters. Credit to Holger Fuhrmannek.

        [$1000][330663] Medium CVE-2014-1747: UXSS with local MHTML file.
        Credit to packagesu.

        [$500][331168] Medium CVE-2014-1748: UI spoofing with scrollbar.
        Credit to Jordan Milne.

        As usual, our ongoing internal security work responsible for a
        wide range of fixes:

        [374649] CVE-2014-1749: Various fixes from internal audits,
        fuzzing and other initiatives.

        [358057] CVE-2014-3152: Integer underflow in V8 fixed in version
        3.25.28.16.

        Many of the above bugs were detected using AddressSanitizer." [1]

MITIGATION

        The vendor recommends updating to the latest version of Google
        Chrome to correct these issues. [1]

REFERENCES

        [1] Stable Channel Update
            http://googlechromereleases.blogspot.com.au/2014/05/stable-channel-update_20.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----