[PCWorks] Google Chrome Multiple Vulnerabilities

  • From: "Clint Hamilton-PCWorks Admin" <PCWorks@xxxxxxxxxxxxxxxxxxxxxxxx>
  • To: "PCWorks@xxxxxxxxxxxxx" <pcworks@xxxxxxxxxxxxx>
  • Date: Wed, 27 Jan 2010 04:22:25 -0600

TITLE:
Google Chrome Multiple Vulnerabilities

Highly critical

Impact:  Security Bypass, Exposure of sensitive information,
DoS, System access

Where:  From remote

SECUNIA ADVISORY ID:
SA37769

VERIFY ADVISORY:
http://secunia.com/advisories/37769/

DESCRIPTION:
Some vulnerabilities and weaknesses have been reported in
Google Chrome, where some have unknown impacts and
others can be exploited by malicious people to disclose
potentially sensitive information, bypass certain security
restrictions, or compromise a user's system.

1) A use-after-free error when handling pop-up windows and
navigating away from the current site can be exploited to
corrupt memory via a specially crafted web page.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version 3.0.195.38. Other
versions may also be affected.

2) An unspecified error can be exploited to bypass the pop-up
blocker.

3) A design error in the handling of CSS stylesheets can be
exploited to potentially disclose sensitive information from
other domains.

4) An unspecified error allows XMLHttpRequests to directories.

5) An unspecified error exists related to escaping characters
in shortcuts.

6) Unspecified errors exist related to drawing on canvases,
which can corrupt memory.

7) An unspecified error exists during image decoding, which can
corrupt memory.

8) An unspecified error exists, which may result in failure to
strip "Referer".

9) An unspecified error affects cross-domain access.

10) An unspecified error exists in the deserialisation of
bitmaps.

SOLUTION:
Upgrade to version 4.0.249.78.

ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2009-65/

Google:
http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html

