IT security: Multiple risks in Google Chrome, says US-CERT
US-CERT, the USA's government software watchdog, warns of five "high vulnerability" issues with Google Chrome browser. The issues affect Windows, Linux and MacOS X versions.There are many more less serious issues, says US-CERT
Most Recent - This Section
IT Security: criminals exploit insecure WordPress installationsIT Security: Phishing attack from within Yahoo Messenger
IT Security: Zappos.Com admits huge security breach.
IT Security: "Twihards" targeted by internet crooks
IT Security: Microsoft ceases use of "supercookies."
Most Recent - Whole Site
The Risk Professional: Green Capital Consulting GroupLegal Professional: Baker Mac lawyer guilty of money laundering and securities fraud
Sales and Marketing: shooting oneself in the foot
Business Crime: Dear Mrs Kate Dave: Yes, please. Send it now.
The Risk Professional: Is your data secure enough for the UK's ICO?
Most Recent - BankingInsuranceSecurities.Com
Sanctions: USA PATRIOT Act designation 20120522Sanctions: OFAC Update 20120515
Sanctions: OFAC update 20120508
Sanctions: OFAC Update 20120517
Sanctions: OFAC Update 20120517 - 2
The listed High Vulnerabilities are:
1. Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to history handling.
2. Incomplete blacklist vulnerability in Google Chrome before 8.0.552.215 on Linux and Mac OS X allows remote attackers to have an unspecified impact via a "dangerous file."
3. Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via malformed video content that triggers an indexing error.
4. Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animations.
5. Double free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
The latest version of Chrome can be downloaded from http://www.google.com/chrome/
The listed medium vulnerabilities are:
1. Unspecified vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to bypass the pop-up blocker via unknown vectors.
2. Google Chrome before 8.0.552.215 does not properly restrict read access to videos derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via a crafted web site.
3. Google Chrome before 8.0.552.215 does not properly handle HTML5 databases, which allows attackers to cause a denial of service (application crash) via unspecified vectors.
4. Google Chrome before 8.0.552.215 does not properly restrict the generation of file dialogs, which allows remote attackers to cause a denial of service (reduced usability and possible application crash) via a crafted web site.
5. Google Chrome before 8.0.552.215 does not properly handle HTTP proxy authentication, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
6. Google Chrome before 8.0.552.215 does not properly handle WebM video, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. NOTE: this vulnerability exists because of a regression.
7. Google Chrome before 8.0.552.215 does not properly restrict privileged extensions, which allows remote attackers to cause a denial of service (memory corruption) via a crafted extension.
8. Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service via vectors related to the handling of mouse dragging events.
Download PDF version of this page
