-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2015.0017
     A number of vulnerabilities have been identified in Google Chrome
                              6 February 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Google Chrome
Operating System:     Windows
                      OS X
                      Linux variants
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Increased Privileges            -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
                      Unauthorised Access             -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2015-1212 CVE-2015-1211 CVE-2015-1210
                      CVE-2015-1209  
Member content until: Sunday, March  8 2015

OVERVIEW

        A number of vulnerabilities have been identified in Google Chrome prior
        to version 40.0.2214.111. [1]


IMPACT

        This update includes fixes for eleven security issues. The vendor has
        provided the following details regarding a number of these issues:
        
        "[$TBD][447906] High CVE-2015-1209: Use-after-free in DOM. Credit to
        Maksymillian Motyl.
        
        [$TBD][453979] High CVE-2015-1210: Cross-origin-bypass in V8 
        bindings. Credit to anonymous.
        
        [$TBD][453982] High CVE-2015-1211: Privilege escalation using 
        service workers. Credit to anonymous.
        
        [455225] CVE-2015-1212: Various fixes from internal audits, fuzzing
        and other initiatives." [1]


MITIGATION

        The vendor recommends updating Google Chrome to correct these 
        issues. [1]


REFERENCES

        [1] Stable Channel Update
            http://googlechromereleases.blogspot.com.au/2015/02/stable-channel-update.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----