TITLE: Google Chrome Multiple Vulnerabilities Highly critical Impact: Cross Site Scripting, System access Where: From remote VERIFY ADVISORY: http://secunia.com/advisories/39544/ DESCRIPTION: Some vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to conduct cross-site request forgery and cross-site scripting attacks or potentially compromise a user's system. 1) An unspecified error exists in the type handling related to forms. 2) An unspecified error in the handling of HTTP requests can potentially be exploited to conduct cross-site request forgery attacks. 3) An unspecified error exists related to local file references through developer tools. 4) An unspecified error related to "chrome://net-internals" can be exploited to conduct cross-site scripting attacks. 5) An unspecified error related to "chrome://downloads" can be exploited to conduct cross-site scripting attacks. 6) An unspecified error may cause pages to load with privileges of the "New Tab" page. 7) An unspecified error in V8 bindings can be exploited to corrupt memory. SOLUTION: Update to version 4.1.249.1059. ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.html ========================= The list's FAQ's can be seen by sending an email to PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line. To unsubscribe, subscribe, set Digest or Vacation to on or off, go to //www.freelists.org/list/pcworks . You can also send an email to PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line. Your member list settings can be found at //www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks . Once logged in, you have access to numerous other email options. The list archives are located at //www.freelists.org/archives/pcworks/ . All email posted to the list will be placed there in the event anyone needs to look for previous posts. -zxdjhu-