TITLE: Google Chrome Multiple Vulnerabilities Criticality level: Highly critical Impact: Security Bypass, Spoofing, Exposure of sensitive information, System access Where: From remote http://secunia.com/advisories/41242/ DESCRIPTION: Some vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, conduct spoofing attacks, and compromise a user's system. 1) Certain unspecified homographic sequences can be used to spoof the URL bar. 2) The application did not properly restrict access to the clipboard, which can be exploited to e.g. set the clipboard content. 3) A stale pointer error exists related to SVG filters. Further information is currently not available. 4) An unspecified error can be exploited to enumerate installed extensions. 5) A use-after-free error exists within the notification presenter. Further information is currently not available. 6) An unspecified error related to the notification permissions can be exploited to cause a memory corruption. 7) "Integer errors" exist related to WebSockets. Further information is currently not available. 8) An unspecified error related to counter nodes can be exploited to cause a memory corruption. 9) The application may store excessive autocomplete entries. Further information is currently not available. 10) A stale pointer error exists within the focus handling. Further information is currently not available. 11) An unspecified error exists within the sandbox parameter deserialisation. 12) An unspecified error can be exploited to conduct cross-origin image thefts. Note: Additionally, an error related to WebSockets can be exploited to cause a "NULL crash" and the pop-up blocker can be bypassed via blank frame targets. SOLUTION: Fixed in version 6.0.472.53. ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html ========================= The list's FAQ's can be seen by sending an email to PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line. To unsubscribe, subscribe, set Digest or Vacation to on or off, go to //www.freelists.org/list/pcworks . You can also send an email to PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line. Your member list settings can be found at //www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks . Once logged in, you have access to numerous other email options. The list archives are located at //www.freelists.org/archives/pcworks/ . All email posted to the list will be placed there in the event anyone needs to look for previous posts. -zxdjhu-