‫ Google Chrome Multiple Vulnerabilities

ID: IRCAD2015104111

Release Date: 2015-10-13

Software:

Google Chrome 45.x

Description:

Multiple vulnerabilities have been reported in Google Chrome, where multiple have an unknown impact and the others can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.

1) An unspecified error in Blink can be exploited to bypass the cross-origin policy.

2) A use-after-free error in PDFium can be exploited to corrupt memory.

3) A use-after-free error in ServiceWorker can be exploited to corrupt memory.

4) A type confusion error in PDFium can be exploited to corrupt memory.

5) An error in LocalStorage can be exploited to disclose certain information.

6) An error exists in libANGLE. No further information is currently available.

7) An error in FFMpeg can be exploited to corrupt memory.

Successful exploitation of the vulnerabilities #2 through #4 and #7 may allow execution of arbitrary code.

8) An unspecified error can be exploited to bypass CORS via specially crafted CSS fonts.

9) Multiple unspecified errors exist. No further information is currently available.

The vulnerabilities are reported in versions prior to 46.0.2490.71.

Solution

Upgrade to version 46.0.2490.71.

References:

http://googlechromereleases.blogspot.dk/2015/10/stable-channel-update.html

Secunia:

https://secunia.com/advisories/66851/

 


نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 27 مهر 1394

امتیاز

امتیاز شما
تعداد امتیازها:0