[PCWorks] Google Chrome Multiple Vulnerabilities

• From: "Clint Hamilton-PCWorks Admin" <PCWorks@xxxxxxxxxxxxxxxxxxxxxxxx>
• To: "PCWorks@xxxxxxxxxxxxx" <pcworks@xxxxxxxxxxxxx>
• Date: Fri, 3 Sep 2010 23:13:50 -0500

TITLE:
Google Chrome Multiple Vulnerabilities

Criticality level:  Highly critical
Impact:  Security Bypass, Spoofing, Exposure of sensitive 
information, System access
Where:  From remote

http://secunia.com/advisories/41242/

DESCRIPTION:
Some vulnerabilities have been reported in Google Chrome, which 
can
be exploited by malicious people to bypass certain security
restrictions, disclose potentially sensitive information, 
conduct
spoofing attacks, and compromise a user's system.

1) Certain unspecified homographic sequences can be used to 
spoof the
URL bar.

2) The application did not properly restrict access to the 
clipboard,
which can be exploited to e.g. set the clipboard content.

3) A stale pointer error exists related to SVG filters. Further
information is currently not available.

4) An unspecified error can be exploited to enumerate installed
extensions.

5) A use-after-free error exists within the notification 
presenter.
Further information is currently not available.

6) An unspecified error related to the notification permissions 
can
be exploited to cause a memory corruption.

7) "Integer errors" exist related to WebSockets. Further 
information
is currently not available.

8) An unspecified error related to counter nodes can be 
exploited to
cause a memory corruption.

9) The application may store excessive autocomplete entries. 
Further
information is currently not available.

10) A stale pointer error exists within the focus handling. 
Further
information is currently not available.

11) An unspecified error exists within the sandbox parameter
deserialisation.

12) An unspecified error can be exploited to conduct 
cross-origin
image thefts.

Note: Additionally, an error related to WebSockets can be 
exploited
to cause a "NULL crash" and the pop-up blocker can be bypassed 
via
blank frame targets.

SOLUTION:
Fixed in version 6.0.472.53.

ORIGINAL ADVISORY:
http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html


=========================
The list's FAQ's can be seen by sending an email to 
PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line.

To unsubscribe, subscribe, set Digest or Vacation to on or off, go to 
//www.freelists.org/list/pcworks .  You can also send an email to 
PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line.  Your 
member list settings can be found at 
//www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks .  Once logged in, you have 
access to numerous other email options.  

The list archives are located at //www.freelists.org/archives/pcworks/ .  
All email posted to the list will be placed there in the event anyone needs to 
look for previous posts.
-zxdjhu-

Other related posts:

• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities - Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin
• » [PCWorks] Google Chrome Multiple Vulnerabilities- Clint Hamilton-PCWorks Admin

1. Home
2. pcworks
3. Archive
4. 09-2010

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---