===========================================================================
AUSCERT Security Bulletin

ASB-2015.0017
A number of vulnerabilities have been identified in Google Chrome
6 February 2015

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              Google Chrome
Operating System:     Windows
                      OS X
                      Linux variants
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Increased Privileges            -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
                      Unauthorised Access             -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2015-1212 CVE-2015-1211 CVE-2015-1210
                      CVE-2015-1209
Member content until: Sunday, March 8 2015

OVERVIEW

A number of vulnerabilities have been identified in Google Chrome prior
to version 40.0.2214.111. [1]

IMPACT

This update includes fixes for eleven security issues. The vendor has
provided the following details regarding a number of these issues:

"[$TBD][447906] High CVE-2015-1209: Use-after-free in DOM. Credit to
Maksymillian Motyl.

[$TBD][453979] High CVE-2015-1210: Cross-origin-bypass in V8 bindings.
Credit to anonymous.

[$TBD][453982] High CVE-2015-1211: Privilege escalation using service
workers. Credit to anonymous.

[455225] CVE-2015-1212: Various fixes from internal audits, fuzzing and
other initiatives." [1]

MITIGATION

The vendor recommends updating Google Chrome to correct these issues. [1]

REFERENCES

[1] Stable Channel Update
    http://googlechromereleases.blogspot.com.au/2015/02/stable-channel-update.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation.

The decision to follow or act on information or advice contained in this
security bulletin is the responsibility of each user or organisation, and
should be considered in accordance with your organisation's site policies
and procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================