TITLE: Google Chrome Multiple Vulnerabilities Criticality level: Highly critical Impact: Security Bypass, Spoofing Where: From remote VERIFY ADVISORY: http://secunia.com/advisories/39029/ DESCRIPTION: Some vulnerabilities have been reported in Google Chrome, where some have unknown impacts and others can be exploited by malicious people to conduct spoofing attacks and bypass certain security restrictions. 1) Some race conditions and pointer errors exist within the sandbox infrastructure. 2) An error exists related to persisted metadata such as Web Databases and STS. 3) The application processes HTTP headers before completing the SafeBrowsing check. 4) A memory error exists related to malformed SVG files. 5) Integer overflow errors exist within certain unspecified WebKit JavaScript objects. 6) The HTTP basic authentication dialog truncates URLs. 7) An unspecified error can be exploited to bypass the download warning dialog. 8) An unspecified error can be exploited to bypass the cross-origin policy. SOLUTION: Update to version 4.1.249.1036. ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html ========================= The list's FAQ's can be seen by sending an email to PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line. To unsubscribe, subscribe, set Digest or Vacation to on or off, go to //www.freelists.org/list/pcworks . You can also send an email to PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line. Your member list settings can be found at //www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks . Once logged in, you have access to numerous other email options. The list archives are located at //www.freelists.org/archives/pcworks/ . All email posted to the list will be placed there in the event anyone needs to look for previous posts. -zxdjhu-