|
Systems Affected
Google Chrome prior to 44.0.2403.89
Threat Level
Overview
Multiple vulnerabilities have been reported in Google Chrome. A remote attacker could exploit these vulnerabilities to cause Denial of Service (DoS) Conditions, arbitrary code execution, disclosure of sensitive information, Man-In-The-Middle(MITM) attack etc. on the system installed with affected version of software.
Description
Multiple vulnerabilities have been reported in Google Chrome. These vulnerabilities are due to Heap-buffer-overflows in PDFium and expat library, Use-After-Free vulnerability in IndexedDB, Blink, GPU process, accessibility and PDFium, uninitialized memory read in ICU, exception handling error in the V8, Content Security Policy bypass, Same Origin Policy bypass, insecure download error in Spellcheck API implementation, memory corruption issue in SKIA library, Universal XSS in Blink & UrlUtilities in Chrome for Android and URL Spoofing in PDFium.
A remote attacker could exploit these vulnerabilities by enticing a user to view a malicious web page that is designed to submit crafted data to the affected software. Successful exploitation of these vulnerabilities allow the attacker to execute arbitrary code, disclosure of sensitive information, perform man-in-the-middle (MITM) attack, bypass security restrictions, or cause a Denial of Service (DoS) condition on the target system.
Impact
Solution/ Workarounds
Upgrade to Google Chrome version 44.0.2403.89
http://www.google.com/chrome/
References
http://www.cert-in.org.in/
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
|
