Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT Security Bulletin
ASB-2014.0108
A vulnerability has been identified in Google Chrome
25 September 2014
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Google Chrome
Operating System: Windows
OS X
Impact/Access: Reduced Security -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2014-1568
Member content until: Saturday, October 25 2014
Reference: ASB-2014.0107
ESB-2014.1663
OVERVIEW
A vulnerability has been identified in Google Chrome prior to version
37.0.2062.124. [1]
IMPACT
The vendor has provided the following details regarding this
vulnerability:
"[414124] RSA signature malleability in NSS (CVE-2014-1568). Thanks
to Antoine Delignat-Lavaud of Prosecco/INRIA, Brian Smith and
Advanced Threat Research team at Intel Security" [1]
MITIGATION
The vendor recommends updating to the latest version of Google Chrome
to correct this issue. [1]
REFERENCES
[1] Stable Channel Update
http://googlechromereleases.blogspot.com.au/2014_09_01_archive.html
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVCOckxLndAQH1ShLAQLAOxAAjaMqCKGZs49FBXACUjESHLPK02xstucn
Svm3ZKji8b/4rvUThth7GBi25JFGMb283igEPljnF5dhhfhmEfU3nLZdg1av84Bc
maaYW25B50dcYc21WUlTX81QpRUX+iF5yPZXf8eFi8CeXSpkKXi2wKXwbdv2VdWj
YUdjqkdXGKl1thGCO0U3uA9bfmzJCrOEshIQ62fB5xR4DjFwthvds8KKpXkObOGZ
D1l958mVm87poTdMn4lyCro+0XhCni+ty3EX7CPOcl3iJI4BrGJWgmzObq2dmwfN
RjZQONXCrgXZe0iRCPClqDj3iNRd2yUXPThYUW73tAVgk1asDfKMQ8RXllgGJoCZ
eoIKDGgSn2cAgEygdPjQrV5qw7kIdad4ricvCVtuk0dQsR3y8VzD1OFxby2xNxQS
j/AxO8Goo/ygPtXYnRgXScneZF9334pJgUsLlqUm5mnzU3S7BToRQ0v8XEzNhD2Q
sy4vR1s9G0KI1Z8qL9o6WRa4RTSu7UaYJTAnySP3vnyDxS6Zxzf5yWPleXApfg8d
DyK2KnXlvVvui51WUa5EUlNb5uu2tx0RCZh43f6WwJQg4485+ZB2cZggFseoX7Fx
WBf/BeeZwusZqGoXVBU5V3aIulsxIeSBC3dA6tefcBpYpwBOzgXQVL3VogaNSeOD
o/ovnFqj5AI=
=GTTd
-----END PGP SIGNATURE-----