|| Hotline : 800 2378 ||  To contact CERT-MU send e-mail on --> info[at]cert-mu.gov.mu ||  To report incident e-mail on --> incident[at]cert-mu.gov.mu || To report Vulnerabilities send e-mail on --> Vulnerability[at]cert-mu.gov.mu ||
CERT-MU AD-2012-07

Google Chrome Prior to 16.0.912.75 Multiple Security Vulnerabilities

Original issue date: January 06, 2012

Updated: January 16, 2012

Severity Rating: High

Overview
Multiple vulnerabilities have been identified in Google Chrome. Remote attackers can exploit them to execute arbitrary code in the context of the browser or to cause a denial of service condition. Google has released an update to address these vulnerabilities.

Description

Multiple vulnerabilities have been identified in Google Chrome. Remote attackers can exploit them to execute arbitrary code in the context of the browser or to cause a denial of service condition. The vulnerabilities exist because of the following issues:

  • A heap-based buffer overflow in libxml2 can allow remote attackers to cause a denial of service condition.
  • A use-after-free vulnerability can allow remote attackers to cause a denial of service or have other impact via vectors involving animation frames.
  • A stack-based overflow in Google Chrome can allow remote attackers to cause a denial of service condition or have other impact via vectors related to glyph handling.

Google has released an update to address the vulnerabilities.

Affected Systems

  • Red Hat Enterprise Linux WS 4
  • Red Hat Enterprise Linux ES 4
  • Red Hat Enterprise Linux Desktop Workstation 5 client
  • Red Hat Enterprise Linux Desktop version 4
  • Red Hat Enterprise Linux Workstation Optional 6
  • Red Hat Enterprise Linux Workstation 6
  • Red Hat Enterprise Linux Server Optional 6
  • Red Hat Enterprise Linux Server 6
  • Google Chrome 15.0.874.102
  • Google Chrome 6.0.472.55
  • Google Chrome 5.0.375.99
  • Google Chrome 5.0.364.0
  • Google Chrome 5.0.363.0
  • Google Chrome 5.0.362.0
  • Google Chrome 5.0.361.0
  • Google Chrome 5.0.360.5

A list of other affected systems is available at:

http://www.securityfocus.com/bid/51300/info

Solution

Users are advised to apply updates.

More information about the update is available at:

http://www.securityfocus.com/bid/51300/solution
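
To confirm which hosts still need the update, reported Chrome version strings can be compared against the fixed release named in the advisory title (16.0.912.75). The following is an added example, not part of the original advisory or any CERT-MU or Google tooling; the host names, sample strings and function names are constructed for illustration.

```python
import re

# First fixed release, from the advisory title ("Prior to 16.0.912.75").
FIXED = (16, 0, 912, 75)

# major.minor.build, then an optional patch part separated by "." or by a
# space (version listings sometimes write "15.0.874 102"). The lookahead
# stops trailing text such as " 64-bit" from being read as the patch part.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:[. ](\d+)(?![\w-]))?")


def parse_version(text):
    """Return a 4-tuple of ints for the first version in text, or None."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    # A missing patch component is treated as 0.
    return tuple(int(part or 0) for part in m.groups())


def classify(text):
    """Classify one reported version string against the fixed release."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    # Tuples compare numerically, component by component. Comparing the raw
    # strings would rank "5.0.375.99" above "16.0.912.75".
    return "affected" if version < FIXED else "patched"


def triage(inventory):
    """Map each host in {host: reported version string} to a status."""
    return {host: classify(text) for host, text in inventory.items()}


# Constructed inventory: host names and reported strings are sample data.
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 15.0.874.102",
    "ws-02": "Google Chrome 16.0.912.75",
    "ws-03": "5.0.375 99",
    "ws-04": "Google Chrome 16.0.912.77 beta",
    "ws-05": "chrome: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" should be checked manually rather than assumed to be patched.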

CVE Information

CVE-2011-3919

CVE-2011-3921

CVE-2011-3922

References

Security Focus

http://www.securityfocus.com/bid/51300/info

Google Chrome Releases

http://googlechromereleases.blogspot.com/2012/01/stable-channel

Red Hat Security Advisory

http://packetstormsecurity.org/files/cve/CVE-2011-3922

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

E-mail:

Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis


 
 