===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2014.0132
                  Google has released Chrome 39.0.2171.65
                             19 November 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Google Chrome
Operating System:     Windows
                      Linux variants
                      OS X
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
                      Provide Misleading Information  -- Remote with User Interaction
                      Access Confidential Data        -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2014-7910 CVE-2014-7909 CVE-2014-7908
                      CVE-2014-7907 CVE-2014-7906 CVE-2014-7905
                      CVE-2014-7904 CVE-2014-7903 CVE-2014-7902
                      CVE-2014-7901 CVE-2014-7900 CVE-2014-7899
                      CVE-2014-0574  
Member content until: Friday, December 19 2014
Reference:            ASB-2014.0128
                      ESB-2014.2141
                      ESB-2014.2129

OVERVIEW

        Google has released Chrome 39.0.2171.65, which includes 42 security
        fixes. [1]


IMPACT

        Google has provided the following details regarding the major 
        vulnerabilities:
        
        "[$500][389734] High CVE-2014-7899: Address bar spoofing. Credit to
        Eli Grey.
        
        [$1500][406868] High CVE-2014-7900: Use-after-free in pdfium. Credit
        to Atte Kettunen from OUSPG.
        
        [$1000][413375] High CVE-2014-7901: Integer overflow in pdfium. 
        Credit to cloudfuzzer.
        
        [$1000][414504] High CVE-2014-7902: Use-after-free in pdfium. Credit
        to cloudfuzzer.
        
        [$3000][414525] High CVE-2014-7903: Buffer overflow in pdfium. 
        Credit to cloudfuzzer.
        
        [$2000][418161] High CVE-2014-7904: Buffer overflow in Skia. Credit
        to Atte Kettunen from OUSPG.
        
        [$2000][421817] High CVE-2014-7905: Flaw allowing navigation to 
        intents that do not have the BROWSABLE category. Credit to 
        WangTao(neobyte) of Baidu X-Team.
        
        [$500][423030] High CVE-2014-7906: Use-after-free in pepper plugins.
        Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team.
        
        [$7500][423703] High CVE-2014-0574: Double-free in Flash. Credit to 
        biloulehibou.
        
        [$5000][424453] High CVE-2014-7907: Use-after-free in blink. Credit
        to Chen Zhang (demi6od) of the NSFOCUS Security Team.
        
        [$500][425980] High CVE-2014-7908: Integer overflow in media. Credit
        to Christoph Diehl.
        
        [$500][391001] Medium CVE-2014-7909: Uninitialized memory read in 
        Skia. Credit to miaubiz." [1]
        
        "We would also like to thank Atte Kettunen, Christian Holler, 
        cloudfuzzer, and mmaliszkiewicz for working with us during the 
        development cycle to prevent security bugs from ever reaching the 
        stable channel. $16500 in additional rewards were issued.
        
        As usual, our ongoing internal security work was responsible for a 
        wide range of fixes:
        
        [433500] CVE-2014-7910: Various fixes from internal audits, fuzzing
        and other initiatives."[1]


MITIGATION

        The vendor recommends updating to the latest version of Google Chrome
        to correct these issues. [1]


REFERENCES

        [1] Stable Channel Update
            http://googlechromereleases.blogspot.com.au/2014/11/stable-channel-update_18.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================