===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2016.0090
       Multiple vulnerabilities have been identified in Google Chrome
                             15 September 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Google Chrome
Operating System:     Windows
                      OS X
                      Linux variants
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
                      Access Confidential Data        -- Remote with User Interaction
                      Reduced Security                -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2016-5175 CVE-2016-5174 CVE-2016-5173
                      CVE-2016-5172 CVE-2016-5171 CVE-2016-5170
Member content until: Saturday, October 15 2016

OVERVIEW

        Multiple vulnerabilities have been identified in Google Chrome
        prior to version 53.0.2785.113. [1]


IMPACT

        The vendor has provided the following information:

        "This update includes these security fixes. Below, we highlight
        fixes that were contributed by external researchers, including
        those not already mentioned in recent release notes. Please see
        the Chrome Security Page for more information

        [$TBD][641101] High CVE-2016-5170: Use after free in Blink.
        Credit to Anonymous

        [$TBD][643357] High CVE-2016-5171: Use after free in Blink.
        Credit to Anonymous

        [$TBD][616386] Medium CVE-2016-5172: Arbitrary Memory Read in v8.
        Credit to Choongwoo Han

        [$3000][468931] Medium CVE-2016-5173: Extension resource access.
        Credit to Anonymous

        [$1000][579934] Medium CVE-2016-5174: Popup not correctly
        suppressed. Credit to Andrey Kovalev (@L1kvID) Yandex Security Team

        We would also like to thank all security researchers that worked
        with us during the development cycle to prevent security bugs from
        ever reaching the stable channel.

        As usual, our ongoing internal security work was responsible for a
        wide range of fixes:

        - [646394] CVE-2016-5175: Various fixes from internal audits,
          fuzzing and other initiatives." [1]


MITIGATION

        The vendor recommends updating to the latest version. [1]


REFERENCES

        [1] Stable Channel Update for Desktop
            https://googlechromereleases.blogspot.com.au/2016/09/stable-channel-update-for-desktop_13.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================