
Multiple Vulnerabilities in Google Chrome

 

Systems Affected


Google Chrome prior to 44.0.2403.89

Threat Level


High


Overview


Multiple vulnerabilities have been reported in Google Chrome. A remote attacker could exploit these vulnerabilities to cause denial-of-service (DoS) conditions, execute arbitrary code, disclose sensitive information, perform man-in-the-middle (MITM) attacks, etc. on a system running an affected version of the software.


Description


Multiple vulnerabilities have been reported in Google Chrome. These vulnerabilities are due to heap buffer overflows in PDFium and the expat library; use-after-free vulnerabilities in IndexedDB, Blink, the GPU process, accessibility and PDFium; an uninitialized memory read in ICU; an exception handling error in V8; Content Security Policy bypass; Same Origin Policy bypass; an insecure download error in the Spellcheck API implementation; a memory corruption issue in the Skia library; universal XSS in Blink and UrlUtilities in Chrome for Android; and URL spoofing in PDFium.

A remote attacker could exploit these vulnerabilities by enticing a user to view a malicious web page that is designed to submit crafted data to the affected software. Successful exploitation of these vulnerabilities allows the attacker to execute arbitrary code, disclose sensitive information, perform a man-in-the-middle (MITM) attack, bypass security restrictions, or cause a denial-of-service (DoS) condition on the target system.


Impact



Solution/Workarounds


Upgrade to Google Chrome version 44.0.2403.89
http://www.google.com/chrome/
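
To find installs still covered by this advisory, version strings have to be compared numerically, part by part, rather than as text. The following is an added example, not part of the original advisory: the host names and inventory are constructed sample data, and the function names are hypothetical.

```python
import re

# First fixed release named in the advisory; anything lower is affected.
FIXED = (44, 0, 2403, 89)

# Constructed sample inventory (host, reported Chrome version); not real data.
SAMPLE_INVENTORY = [
    ("ws-01", "43.0.2357.134"),
    ("ws-02", "44.0.2403.89"),
    ("ws-03", "44.0.2403.9"),   # older than .89 numerically, but sorts later as text
    ("ws-04", "Google Chrome 44.0.2403.107"),
    ("ws-05", "unknown"),       # agent did not report a version
]

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the four-part Chrome version found in text as ints, or None."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def triage(inventory, fixed=FIXED):
    """Sort hosts into affected / patched / unknown by numeric comparison."""
    result = {"affected": [], "patched": [], "unknown": []}
    for host, raw in inventory:
        version = parse_version(raw)
        if version is None:
            # Unparseable versions are kept visible instead of assumed patched.
            result["unknown"].append(host)
        elif version < fixed:
            result["affected"].append(host)
        else:
            result["patched"].append(host)
    return result


if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the "unknown" bucket should be checked by hand, since a missing version is not evidence of a patched browser.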


References


http://www.cert-in.org.in/


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.