-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
AUSCERT Security Bulletin

ASB-2014.0097
A number of vulnerabilities have been identified in Google Chrome for
Windows, Mac and Linux prior to version 36.0.1985.143
14 August 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Google Chrome
Operating System:     Linux variants
                      Windows
                      OS X
Impact/Access:        Denial of Service               -- Remote with User Interaction
                      Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Access Confidential Data        -- Remote with User Interaction
                      Reduced Security                -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2014-3167 CVE-2014-3166 CVE-2014-3165
Member content until: Saturday, September 13 2014

OVERVIEW

        A number of vulnerabilities have been identified in Google Chrome
        for Windows, Mac and Linux prior to version 36.0.1985.143. [1]

IMPACT

        The vendor has provided the following details regarding these
        issues:

        "This update includes 12 security fixes. Below, we highlight fixes
        that were either contributed by external researchers or
        particularly interesting. Please see the Chromium security page
        for more information.

        [$2000][390174] High CVE-2014-3165: Use-after-free in web sockets.
        Credit to Collin Payne.

        [398925] High CVE-2014-3166: Information disclosure in SPDY.
        Credit to Antoine Delignat-Lavaud.

        As usual, our ongoing internal security work was responsible for a
        wide range of fixes:

        [400950] CVE-2014-3167: Various fixes from internal audits,
        fuzzing and other initiatives.

        Many of the above bugs were detected using AddressSanitizer." [1]

MITIGATION

        The vendor recommends updating to the latest versions of Google
        Chrome to correct these issues. [1]

REFERENCES

        [1] Stable Channel Update
            http://googlechromereleases.blogspot.com.au/2014/08/stable-channel-update.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----