Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

Multiple Vulnerabilities in Google Chrome

 

Systems Affected


Google Chrome prior to version 43.0.2357.65

Threat Level


High


Overview


Multiple vulnerabilities have been reported in the Google Chrome for Windows, Mac, and Linux, which could allow remote attackers to execute arbitrary code, cause a denial of service, access sensitive information, conduct cross-site scripting(XSS) attacks, or bypass security restrictions on the targeted system installed with affected version of software.


Description


The Google Chrome for Windows, Mac, and Linux is vulnerable to the following vulnerabilities like Sandbox escape in Chrome, Cross-origin bypass in DOM and Editing, Use-after-free in WebAudio and SVG, Speech and WebRTC, Container-overflow in SVG, Negative-size parameter in Libvpx, Uninitialized value in PDFium and in Blink, URL bar spoofing, Insecure download of spellcheck dictionary, Cross-site scripting in bookmarks and Multiple security fixes from Googles internal security team has been fixed in the latest release on Google Chrome.

An unauthenticated remote attacker could exploit these vulnerabilities by convincing users to view a malicious website that is specially designed to submit crafted data to the affected software. Successful exploitation of these vulnerabilities could allow remote attackers to execute arbitrary code, cause denial of service, access sensitive information, conduct cross-site scripting (XSS) attacks, or bypass security restrictions on the targeted systems installed with affected version of software.


Impact



Solution/ Workarounds


Upgrade to Google chrome version 43.0.2357.65 https://www.google.com/chrome


References



Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.