Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2017.0154 Multiple vulnerabilities have been identified in Google Chrome 22 September 2017 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Google Chrome Operating System: Windows OS X Linux variants Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2017-5122 CVE-2017-5121 Member content until: Sunday, October 22 2017 OVERVIEW Multiple vulnerabilities have been identified in Google Chrome prior to version 61.0.3163.100. [1] IMPACT Google have provided the following details regarding the vulnerabilities: "This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$7500][765433] High CVE-2017-5121: Out-of-bounds access in V8. Reported by Jordan Rabet, Microsoft Offensive Security Research and Microsoft ChakraCore team on 2017-09-14 [$3000][752423] High CVE-2017-5122: Out-of-bounds access in V8. Reported by Choongwoo Han of Naver Corporation on 2017-08-04." [1] MITIGATION The latest version of Google Chrome can be downloaded from the vendor's website. [2] REFERENCES [1] Stable Channel Update for Desktop https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop_21.html [2] Google Chrome http://www.google.com/chrome AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWcSMXIx+lLeg9Ub1AQj42Q/+IZC5oTxLijxSpJrQCDpvqT8Xv5m2KBYs M3wY0hD0izbOo/aeEBkfMGXbKPVtGZ30SHbsD3ljchGy9wxCHgmc0hlt2l8uUS24 XgHf5pt+eFbkSRJN28AMksYZ6XH3IhB9Syho5/aO1Bdn7RPBJ2b2KXu7Pg6NYl7l DvhM3ADBlWOW4nRkKd2NC2LCmVUvBu4IHLQXlv8VDt/Ub9AHFkDRUyDceMShjb7l XZVFyElfVUZsFARoUy9L8Y4IMvhABCddiA6djKeQD3St8oImILxKcJ7Ze5z5/QnK Xzc5KobRbJICRCf45IlEBWVFUcCFHHHyDmETf6FXA99hMglPRdjYCvz/qZmfAxTl rfcy9CJKHUbsIUMCb6a5++pu416JmATcL7CQV6X2qeiFran83VXTpF/yhdPYmNEP S2NNBNzq/ymnuYHS99FIDi/riypstJSfBeyrnuV+cjiUbmH+jFDLn9C2vfBPosbm IkoCvhggsoC6MMtxgrJQc8ZDgpkdlvDZedM8h2D7k0ZRIWBJ3GXuWMoeNZ5IMHuo cjUPmBhJ4TVI5/ZMiXhZ9qreWI3hLf7oLEKfXRCxuawj7lKwkHvoL9DfflZQRayv 3loe5KAIRP/fk7L1k3yQR9GbQ3cri2vPXPOSI9nDCxxO71Xugu+APYyYaUPdv7n4 IwgWMpR73MI= =YgWT -----END PGP SIGNATURE-----