‫ Google Chrome Multiple Vulnerabilities

ID: IRCAD2014113635
Release Date: 2014-11-18
Criticality level: Highly critical
Software:
Google Chrome 38.x
Description:
Some vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing attacks, bypass certain security restrictions, and compromise a user's system.
1) An unspecified error can be exploited to spoof the address bar.
2) A use-after-free error exists in pdfium.
3) An integer overflow error exists in pdfium.
4) Another use-after-free error exists in pdfium.
5) An unspecified error in pdfium can be exploited to cause a buffer overflow.
6) An unspecified error in Skia can be exploited to cause a buffer overflow.
7) An error when handling intents without BROWSABLE category can be exploited to navigate to otherwise restricted intents.
8) A use-after-free error exists in pepper plugins.
9) The application bundles a vulnerable version of Adobe Flash Player.
10) A use-after-free error exists in blink.
11) An integer overflow error exists in media.
Successful exploitation of the vulnerabilities #2 through #6 and #8 through #‫11 may allow execution of arbitrary code.
12) An error in Skia can be exploited to read uninitialized memory.
13) Some unspecified errors exist. No further information is currently available.
The vulnerabilities are reported in versions prior to 39.0.2171.65.
Solution
Upgrade to version 39.0.2171.65.
References:
Secunia:
 
 
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 8 آذر 1393

امتیاز

امتیاز شما
تعداد امتیازها:0