-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2015.0005
      Stable Google Chrome update addresses multiple vulnerabilities
                              15 January 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Google Chrome
Operating System:     Windows
                      OS X
                      Linux variants
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Access Confidential Data        -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2015-0309 CVE-2015-0308 CVE-2015-0307
                      CVE-2015-0306 CVE-2015-0305 CVE-2015-0304
                      CVE-2015-0303 CVE-2015-0302 CVE-2015-0301
Member content until: Saturday, February 14 2015
Reference:            ESB-2015.0100
                      ESB-2015.0091

OVERVIEW

        Google has released Chrome 39.0.2171.95, which includes an update for
        Adobe Flash as well as other fixes. [1]


IMPACT

        Google references the Adobe security bulletin, which provides the
        following details regarding the vulnerabilities:
        
        "These updates resolve an improper file validation issue (CVE-2015-0301).
        
        These updates resolve an information disclosure vulnerability that could be 
        exploited to capture keystrokes on the affected system (CVE-2015-0302).
        
        These updates resolve memory corruption vulnerabilities that could lead to 
        code execution (CVE-2015-0303, CVE-2015-0306).
        
        These updates resolve heap-based buffer overflow vulnerabilities that could 
        lead to code execution (CVE-2015-0304, CVE-2015-0309).
        
        These updates resolve a type confusion vulnerability that could lead to code 
        execution (CVE-2015-0305).
        
        These updates resolve an out-of-bounds read vulnerability that could be 
        exploited to leak memory addresses (CVE-2015-0307).
        
        These updates resolve a use-after-free vulnerability that could lead to code 
        execution (CVE-2015-0308)." [2]


MITIGATION

        The vendor recommends updating to the latest version of Google 
        Chrome to correct these issues. [1]


REFERENCES

        [1] Stable Channel Update
            http://googlechromereleases.blogspot.com.au/2015/01/stable-channel-update.html

        [2] Security updates available for Adobe Flash Player
            http://helpx.adobe.com/security/products/flash-player/apsb15-01.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----