Google Chrome: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2015.0052
     A number of vulnerabilities have been identified in Google Chrome
                                20 May 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Google Chrome
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact/Access:        Denial of Service               -- Remote with User Interaction
                      Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Provide Misleading Information  -- Remote with User Interaction
                      Unauthorised Access             -- Remote with User Interaction
                      Cross-site Scripting            -- Remote with User Interaction
                      Reduced Security                -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2015-1264 CVE-2015-1263 CVE-2015-1262
                      CVE-2015-1261 CVE-2015-1260 CVE-2015-1259
                      CVE-2015-1258 CVE-2015-1257 CVE-2015-1256
                      CVE-2015-1255 CVE-2015-1254 CVE-2015-1253
                      CVE-2015-1252 CVE-2015-1251 
Member content until: Friday, June 19 2015

OVERVIEW

        A number of vulnerabilities have been identified in Google Chrome 
        prior to version 42.0.2311.135 for Windows, Mac and Linux. [1]


IMPACT

        The vendor has provided the following details regarding the 
        vulnerabilities:
        
        "This update includes 37 security fixes. Below, we highlight fixes 
        that were contributed by external researchers. Please see the 
        Chromium security page for more information.
        
        [$16337][474029] High CVE-2015-1252: Sandbox escape in Chrome. 
        Credit to anonymous.
        
        [$7500][464552] High CVE-2015-1253: Cross-origin bypass in DOM. 
        Credit to anonymous.
        
        [$3000][444927] High CVE-2015-1254: Cross-origin bypass in Editing.
        Credit to armin@rawsec.net.
        
        [$3000][473253] High CVE-2015-1255: Use-after-free in WebAudio. 
        Credit to Khalil Zhani.
        
        [$2000][478549] High CVE-2015-1256: Use-after-free in SVG. Credit to
        Atte Kettunen of OUSPG.
        
        [481015] High CVE-2015-1251: Use-after-free in Speech. Credit to 
        SkyLined working with HP's Zero Day Initiative
        
        [$1500][468519] Medium CVE-2015-1257: Container-overflow in SVG. 
        Credit to miaubiz.
        
        [$1000][450939] Medium CVE-2015-1258: Negative-size parameter in 
        Libvpx. Credit to cloudfuzzer
        
        [$1000][468167] Medium CVE-2015-1259: Uninitialized value in PDFium.
        Credit to Atte Kettunen of OUSPG
        
        [$1000][474370] Medium CVE-2015-1260: Use-after-free in WebRTC. 
        Credit to Khalil Zhani.
        
        [$500][466351] Medium CVE-2015-1261: URL bar spoofing. Credit to 
        Juho Nurminen.
        
        [$500][476647] Medium CVE-2015-1262: Uninitialized value in Blink. 
        Credit to miaubiz.
        
        [$500][479162] Low CVE-2015-1263: Insecure download of spellcheck 
        dictionary. Credit to Mike Ruddy.
        
        [$500][481015] Low CVE-2015-1264: Cross-site scripting in bookmarks.
        Credit to K0r3Ph1L." [1]


MITIGATION

        Affected users are advised to upgrade to the latest version. [1]


REFERENCES

        [1] Stable Channel Update
            http://googlechromereleases.blogspot.com.au/2015/05/stable-channel-update_19.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBVVvvIBLndAQH1ShLAQJUQg/+PzWY5qc4Cfvy29kCjO81duJrstRkOoj1
sRV4F3BaOSgjc3jNgeHvCRDtifeynsv+KiIYsNhV3E5HTvkixxdtt7UycOjTFlG8
MhZhYa6zYZ79yKjl8jL/22Nn0yg7ndT9MGJP/TBX11ZM/2zyUoUtWkaywazPxHou
/+z/dnpxlVgBm/WU/IyJlbWw4o0LYz3T/Jg4O43IKdCpC70JPSb4sM7Wfoq5A1Vv
V0VTPiuW3a6k2wtiE07nhzSzu+1prs/hvfM48e7mHW4CHvcvnf30z0mqdDQUIA3I
+OqfoKU2dJn1FXpuzvnnixkeg0GeKJ/Zd+84398F0bZ+apVJleWvr1Rk4u8pv1DQ
+rHp2qz6eYRdu2iJ58BRt8I1ZPqHn5A55qPDNymQdXUkltOwlHEJQZ8fqTi1aQ8W
mU7fpfGNMe79FGmqbFtZTcwE/7uF/resvN44OevSWVImtlZQ5HT2Gy5qB03/FZ0D
97D5pC5vAYKkpoy70wESe3HPc3Eu5Hz3bT0neVGh7HPIu7GKrTZE3GKRemZMr10L
27YD7bLUvKAkPvbvzrc/e31KlWBfuoorm17OUBY5z+p/Y1HL+qouGaH9iXWu2nXK
nz7GCsmaYwlQG42RWe42HSxzr9u+fXPZyMDhVP5mI2+AB02zmz6EBJhcQGxGOIM+
GMUxmYeth+0=
=ug/o
-----END PGP SIGNATURE-----