Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

Multiple Vulnerabilities in Google Chrome

 

Systems Affected


Google Chrome prior to version 41.0.2272.118

Threat Level


High


Overview


Multiple vulnerabilities have been reported in the Google Chrome which could allow remote attackers to execute remote code or cause denial of service (DOS) conditions on the targeted systems installed with affected version of software.


Description


1. Remote Code Execution Vulnerability ( CVE-2015-1233 )

This vulnerability is caused due to improper interaction of IPC, the Gamepad API and Google V8 in Google Chrome. A remote attacker could exploit this vulnerability via unspecified vectors to execute arbitrary code outside of the sandbox.

2. Denial of Service Vulnerability ( CVE-2015-1234 )

This vulnerability is caused due to race condtion in gpu/command_buffer/service/ gles2_cmd_decoder.cc in Google Chrome. A remote attacker could exploit this vulnerability by manipulating OpenGL ES commands, triggering a race condition. Successful exploitation of this vulnerability could lead to denial of service conditions.


Impact



Solution/ Workarounds


Upgrade to Google chrome version 41.0.2272.118
https://www.google.com/chrome


References


http://www.cert-in.org.in/


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.