فا

‫ Google Chrome Multiple Vulnerabilities

IRCAD2014083481

ID: IRCAD2014083481

Release Date: 2014-08-27

Criticality level: Highly critical

Software:
Google Chrome 36.x
Description:

Some vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, and compromise a user's system.

1) Some errors within V8, IPC, sync, and extensions can be exploited to execute arbitrary code outside the sandbox.

2) A use-after-free error exists within SVG.
3) A use-after-free error exists within DOM.

4) An error within Extension permission dialog can be exploited to spoof certain content.

5) A use-after-free error exists within bindings.
6) An error exists within extension debugging.
7) An uninitialized memory read error exists in WebGL.

8) An uninitialized memory read error exists in Web Audio.

9) Some unspecified errors exist. No further information is currently available.

Successful exploitation of the vulnerabilities #2, #3, and #5 may allow execution of arbitrary code.

The vulnerabilities are reported in versions prior to 37.0.2062.94.

Solution

Upgrade to version 37.0.2062.94 or later.

References:
Secunia:

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 11 شهریور 1393

امتیاز

امتیاز شما
تعداد امتیازها: 0