en

Google Chrome Multiple Vulnerabilities

ID: IRCAD2015043881
Release Date: 2015-04-14
Criticality level: Highly critical
Software:
Google Chrome 41.x
Description:
Multiple vulnerabilities have been reported in Google Chrome, where multiple have an unknown impact and the others can be exploited by malicious people to conduct clickjacking attacks, bypass certain security restrictions, and compromise a user's system.
1) An error in HTML parser can be exploited to bypass cross-origin protection.
2) An error in Blink can be exploited to bypass cross-origin protection.
3) A use-after-free in IPC can be exploited to corrupt memory.
4) An error in Skia can be exploited to cause an out-of-bounds write.
5) An error in WebGL can be exploited to cause an out-of-bounds read.
6) An unspecified error can be exploited to conduct clickjacking attacks.
7) A type confusion error in V8 can be exploited to corrupt memory.
8) An error in WebSockets can be exploited to bypass HSTS.
9) A use-after-free error in PDFium can be exploited to corrupt memory.
Successful exploitation of the vulnerabilities #3, #4, #7, and #9 may allow execution of arbitrary code.
10) An error in Blink can be exploited to cause an out-of-bounds read.
11) An unspecified error exists related to scheme issues in OpenSearch.
12) An unspecified error can be exploited to bypass SafeBrowsing.
13) Multiple unspecified errors exist.
The vulnerabilities are reported in versions prior to 42.0.2311.90.
Solution
Upgrade to version 42.0.2311.90.
References:
Secunia:

The Wall

No comments
You need to sign in to comment