Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

Google Chrome Multiple vulnerabilities

 

Systems Affected


Windows
OS X
Linux variants
Android

Threat Level

Overview


A number of vulnerabilities have been identified in Google Chrome for Windows, Mac and Linux prior to version 36.0.1985.125 and Google Chrome for Android prior to version 36.0.1985.122. [1, 2]


Description


The vendor has provided the following details regarding these Issues: Chrome for Windows, Mac and Linux: "This update includes 26 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information. [$2000][380885] Medium CVE-2014-3160: Same-Origin-Policy bypass in SVG. Credit to Christian Schneider. As usual, our ongoing internal security work responsible for a wide range of fixes: [393765] CVE-2014-3162: Various fixes from internal audits, fuzzing and other initiatives. Many of the above bugs were detected using AddressSanitizer." [1] Chrome for Android: "[$3000][352083] High CVE-2014-3159: Omnibox URL Spoofing (Android). Credit to Keita Haga. [334204] Medium CVE-2014-3161: Same origin policy bypass (Android). Credit to Håvard Molland from Opera" [2]


Impact



Solution/ Workarounds


The vendor recommends updating to the latest versions of Google Chrome to correct these issues. [1, 2]


References


http://auscert.org.au/


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.