TITLE: Google Chrome Multiple Vulnerabilities Software: Google Chrome 11.x Criticality level: Highly critical Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access Where: From remote SECUNIA ADVISORY ID: http://secunia.com/advisories/44829/ DESCRIPTION: Some vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to disclose potentially sensitive information, conduct injection attacks, bypass certain security restrictions, and potentially compromise a user's system. 1) A use-after-free error exists within the float handling. 2) A use-after-free error exists within the accessibility support. 3) An error related to CSS can be exploited to leak history information. 4) An unspecified error can be exploited to bypass the extensions permissions. 5) An error related to a stale pointer exists within the extension framework. 6) An error related to extensions can be exploited to inject script code into new tab pages. 7) A use-after-free error exists within the developer tools. 8) An unspecified error related to history deletion can be exploited to corrupt browser memory. 9) A use-after-free error exists within the image loader. 10) An unspecified error allows for "extension injection" into "chrome://" pages. 11) An error within v8 can be exploited to bypass the same origin restriction. 12) An error related to the DOM can be exploited to bypass the same origin restriction. SOLUTION: Upgrade to version 12.0.742.91. ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html ========================= The list's FAQ's can be seen by sending an email to PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line. To unsubscribe, subscribe, set Digest or Vacation to on or off, go to //www.freelists.org/list/pcworks . You can also send an email to PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line. Your member list settings can be found at //www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks . Once logged in, you have access to numerous other email options. The list archives are located at //www.freelists.org/archives/pcworks/ . All email posted to the list will be placed there in the event anyone needs to look for previous posts. -zxdjhu-