فا

‫ Google Chrome Multiple Vulnerabilities

ID:IRCAD2014103557
Release Date: 2014-10-08
Criticality level: Highly critical
Software:
Google Chrome 37.x
 
Description:
Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and compromise a vulnerable system.
1)    Some errors related to V8 and IPC can be exploited to execute arbitrary code outside the sandbox.
2)    An error in PDFium can be exploited to cause an out-of-bounds read access.
3)    A use-after-free error exists in Events.
4)    A use-after-free error exists in Rendering.
5)    A use-after-free error exists in DOM.
6)    A type confusion error exists in Session Management.
7)    A use-after-free error exists within Web Workers.
8)    An error within V8 can be exploited to disclose certain information.
9)    An error can be exploited to bypass permissions in sandbox.
Note: This only affects versions running on Windows.
10) An error within XSS Auditor can be exploited to disclose certain information.
11) An error in PDFium can be exploited to cause an out-of-bounds read access.
12) An error within V8 bindings can be exploited to cause a Release Assert.
13) Some unspecified errors exist. No further information is currently available.
The vulnerabilities are reported in versions prior to 38.0.2125.101.
 
Solution:
Upgrade to version 38.0.2125.101.
 
References:
 
Secunia:
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 22 مهر 1393

امتیاز

امتیاز شما
تعداد امتیازها:0