فا

‫ Google Chrome Multiple Vulnerabilities

IRCAD2014043245

Number:IRCAD2014043245
Date: 2014/04/08

Software:

Google Chrome 33.x

Description

Some vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system.

1)An unspecified error within V8 can be exploited to conduct cross-site scripting attacks.

2)An error within V8 can be exploited to cause an out-of-bounds memory access.

3)An integer overflow error exists within compositor.

4)A use-after-free error exists within web workers.

5)A use-after-free error exists within DOM.

6)An unspecified error within V8 can be exploited to cause memory corruption.

7)A use-after-free error exists within rendering.

8)An unspecified error exists when handling URLs containing RTL characters.

9)A use-after-free error exists in speech.

10)An error when handling certain window property can be exploited to cause an out-of-bounds read access.

11)An unspecified error can be exploited to bypass certain cross-origin policies.

12)A use-after-free error exists in forms.

13)Some unspecified errors exist.

14)Some other unspecified errors exist in V8.

15)The application bundles a vulnerable version of Adobe Flash Player.

Successful exploitation of vulnerabilities #2 through #7, #9, and #‫12 through #‫14 may allow execution of arbitrary code.

The vulnerabilities are reported in versions prior to 34.0.1847.116.

Solution:

Upgrade to version 34.0.1847.116.

Resources:
secunia:

http://secunia.com/advisories/57506/


نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 20 فروردین 1393

امتیاز

امتیاز شما
تعداد امتیازها: 0