Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Google Chrome < 20.0.1132.43 Multiple Vulnerabilities

High

Synopsis

The remote host contains a web browser that is affected by multiple vulnerabilities.

Description



Versions of Google Chrome earlier than 20.0.1132.43 are potentially affected by the following vulnerabilities :

- An unspecified error allows access to iFrame fragment ID information, (CVE-2012-2815)

- An unspecified issue is triggered when sandboxed processes interfere with one another. (CVE-2012-2816)

- A user-after free issue exists in handling table sections which may allow for execution of arbitrary code. (CVE-2012-02817)

- An unspecified use-after-free flaw exists in the counter layout which may allow for execution of arbitrary code. (CVE-2012-2818)

- A flaw exists in the WebGL subsystem when the texSubImage2d implementation does not properly handle uploads to floating-point textures, which may allow a remote denial of service. (CVE-2012-2919)

- An out-of-bounds read error occurs during the handling of SVG filters, which may allow a remote denial of service. (CVE-2012-2820)

- A flaw exists in the autofill display. No further details have been provided. (CVE-2012-2821)

- An out-of-bounds read error occurs during the handling of PDF files, which may allow multiple unspecified remote denial of service attacks. (CVE-2012-2822)

- An user-after-free flaw exists during the handling of SVG resources, which may allow for execution of arbitrary code. (CVE-2012-2823, CVE-2012-2831)

- An user-after-free flaw exists in SVG painting. No further details have been provided. (CVE-2012-2824)

- An out-of-bounds read error occurs during texture conversion which may allow a remote denial of service. (CVE-2012-2826)

- An use-after-free flaw in the Mac GUI. No further details have been provided. (CVE-2012-2827)

- A flaw exists in improper sanitizing of user-supplied inputting resulting in multiple unspecified integer overflows with a specially crafted PDF file. (CVE-2012-2828)

- An user-after-free flaw is triggered during handling of first letters. No further details have been provided. (CVE-2012-2829)

- A flaw is triggered when an unspecified NULL pointer dereference occurs in array setting handling. (CVE-2012-2830)

- A flaw is triggered when a NULL pointer dereference occurs in a PDF image codec. (CVE-2012-2832)

- An overflow condition occurs when the PDF JS API fails to properly sanitize user-supplied input resulting in a buffer overflow. (CVE-2012-2833)

- An overflow condition occurs in the Matroska container which fails to properly sanitize user-supplied input resulting in an integer overflow. (CVE-2012-2834)

- A flaw exists in the way it loads dynamic-link-libraries (DLL). (CVE-2012-2764)

- A flaw is triggered when an unspecified wild read occurs during the handling of XSL. (CVE-2012-2825)

- This issue is only present on 64-bit Linux platforms. The libxml is prone to multiple unspecified overflow conditions. (CVE-2012-2807)

Solution

Upgrade to Google Chrome 20.0.1132.43 or later.