ID

VAR-201211-0067

CVE

CVE-2012-5118

TITLE

Mac OS X Run on Google Chrome Service disruption in (DoS) Vulnerabilities

DESCRIPTION

Google Chrome before 23.0.1271.64 on Mac OS X does not properly validate an integer value during the handling of GPU command buffers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. (DoS) There are vulnerabilities that can be affected indefinitely, such as being in a state.Service disruption by a third party (DoS) There is a possibility of being affected unspecified, such as being in a state. Google Chrome is prone to multiple vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the browser, bypass security restrictions, or cause denial-of-service conditions; other attacks may also be possible. Versions prior to Chrome 23.0.1271.64 are vulnerable. Google Chrome is a web browser developed by Google (Google). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201309-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Chromium, V8: Multiple vulnerabilities Date: September 24, 2013 Bugs: #442096, #444826, #445246, #446944, #451334, #453610, #458644, #460318, #460776, #463426, #470920, #472350, #476344, #479048, #481990 ID: 201309-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. Background ========== Chromium is an open-source web browser project. V8 is Google's open source JavaScript engine. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 29.0.1457.57 >= 29.0.1457.57 2 dev-lang/v8 < 3.18.5.14 >= 3.18.5.14 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact ====== A context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-29.0.1457.57" All V8 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.18.5.14" References ========== [ 1 ] CVE-2012-5116 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5116 [ 2 ] CVE-2012-5117 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5117 [ 3 ] CVE-2012-5118 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5118 [ 4 ] CVE-2012-5119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5119 [ 5 ] CVE-2012-5120 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5120 [ 6 ] CVE-2012-5121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5121 [ 7 ] CVE-2012-5122 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5122 [ 8 ] CVE-2012-5123 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5123 [ 9 ] CVE-2012-5124 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5124 [ 10 ] CVE-2012-5125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5125 [ 11 ] CVE-2012-5126 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5126 [ 12 ] CVE-2012-5127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5127 [ 13 ] CVE-2012-5128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5128 [ 14 ] CVE-2012-5130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5130 [ 15 ] CVE-2012-5132 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5132 [ 16 ] CVE-2012-5133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5133 [ 17 ] CVE-2012-5135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5135 [ 18 ] CVE-2012-5136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5136 [ 19 ] CVE-2012-5137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5137 [ 20 ] CVE-2012-5138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5138 [ 21 ] CVE-2012-5139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5139 [ 22 ] CVE-2012-5140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5140 [ 23 ] CVE-2012-5141 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5141 [ 24 ] CVE-2012-5142 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5142 [ 25 ] CVE-2012-5143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5143 [ 26 ] CVE-2012-5144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5144 [ 27 ] CVE-2012-5145 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5145 [ 28 ] CVE-2012-5146 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5146 [ 29 ] CVE-2012-5147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5147 [ 30 ] CVE-2012-5148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5148 [ 31 ] CVE-2012-5149 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5149 [ 32 ] CVE-2012-5150 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5150 [ 33 ] CVE-2012-5151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5151 [ 34 ] CVE-2012-5152 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5152 [ 35 ] CVE-2012-5153 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5153 [ 36 ] CVE-2012-5154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5154 [ 37 ] CVE-2013-0828 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0828 [ 38 ] CVE-2013-0829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0829 [ 39 ] CVE-2013-0830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0830 [ 40 ] CVE-2013-0831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0831 [ 41 ] CVE-2013-0832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0832 [ 42 ] CVE-2013-0833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0833 [ 43 ] CVE-2013-0834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0834 [ 44 ] CVE-2013-0835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0835 [ 45 ] CVE-2013-0836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0836 [ 46 ] CVE-2013-0837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0837 [ 47 ] CVE-2013-0838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0838 [ 48 ] CVE-2013-0839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0839 [ 49 ] CVE-2013-0840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0840 [ 50 ] CVE-2013-0841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0841 [ 51 ] CVE-2013-0842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0842 [ 52 ] CVE-2013-0879 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0879 [ 53 ] CVE-2013-0880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0880 [ 54 ] CVE-2013-0881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0881 [ 55 ] CVE-2013-0882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0882 [ 56 ] CVE-2013-0883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0883 [ 57 ] CVE-2013-0884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0884 [ 58 ] CVE-2013-0885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0885 [ 59 ] CVE-2013-0887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0887 [ 60 ] CVE-2013-0888 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0888 [ 61 ] CVE-2013-0889 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0889 [ 62 ] CVE-2013-0890 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0890 [ 63 ] CVE-2013-0891 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0891 [ 64 ] CVE-2013-0892 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0892 [ 65 ] CVE-2013-0893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0893 [ 66 ] CVE-2013-0894 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0894 [ 67 ] CVE-2013-0895 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0895 [ 68 ] CVE-2013-0896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0896 [ 69 ] CVE-2013-0897 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0897 [ 70 ] CVE-2013-0898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0898 [ 71 ] CVE-2013-0899 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0899 [ 72 ] CVE-2013-0900 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0900 [ 73 ] CVE-2013-0902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0902 [ 74 ] CVE-2013-0903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0903 [ 75 ] CVE-2013-0904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0904 [ 76 ] CVE-2013-0905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0905 [ 77 ] CVE-2013-0906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0906 [ 78 ] CVE-2013-0907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0907 [ 79 ] CVE-2013-0908 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0908 [ 80 ] CVE-2013-0909 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0909 [ 81 ] CVE-2013-0910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0910 [ 82 ] CVE-2013-0911 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0911 [ 83 ] CVE-2013-0912 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0912 [ 84 ] CVE-2013-0916 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0916 [ 85 ] CVE-2013-0917 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0917 [ 86 ] CVE-2013-0918 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0918 [ 87 ] CVE-2013-0919 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0919 [ 88 ] CVE-2013-0920 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0920 [ 89 ] CVE-2013-0921 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0921 [ 90 ] CVE-2013-0922 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0922 [ 91 ] CVE-2013-0923 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0923 [ 92 ] CVE-2013-0924 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0924 [ 93 ] CVE-2013-0925 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0925 [ 94 ] CVE-2013-0926 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0926 [ 95 ] CVE-2013-2836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2836 [ 96 ] CVE-2013-2837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2837 [ 97 ] CVE-2013-2838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2838 [ 98 ] CVE-2013-2839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2839 [ 99 ] CVE-2013-2840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2840 [ 100 ] CVE-2013-2841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2841 [ 101 ] CVE-2013-2842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2842 [ 102 ] CVE-2013-2843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2843 [ 103 ] CVE-2013-2844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2844 [ 104 ] CVE-2013-2845 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2845 [ 105 ] CVE-2013-2846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2846 [ 106 ] CVE-2013-2847 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2847 [ 107 ] CVE-2013-2848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2848 [ 108 ] CVE-2013-2849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2849 [ 109 ] CVE-2013-2853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2853 [ 110 ] CVE-2013-2855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2855 [ 111 ] CVE-2013-2856 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2856 [ 112 ] CVE-2013-2857 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2857 [ 113 ] CVE-2013-2858 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2858 [ 114 ] CVE-2013-2859 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2859 [ 115 ] CVE-2013-2860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2860 [ 116 ] CVE-2013-2861 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2861 [ 117 ] CVE-2013-2862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2862 [ 118 ] CVE-2013-2863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2863 [ 119 ] CVE-2013-2865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2865 [ 120 ] CVE-2013-2867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2867 [ 121 ] CVE-2013-2868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2868 [ 122 ] CVE-2013-2869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2869 [ 123 ] CVE-2013-2870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2870 [ 124 ] CVE-2013-2871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2871 [ 125 ] CVE-2013-2874 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2874 [ 126 ] CVE-2013-2875 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2875 [ 127 ] CVE-2013-2876 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2876 [ 128 ] CVE-2013-2877 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877 [ 129 ] CVE-2013-2878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2878 [ 130 ] CVE-2013-2879 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2879 [ 131 ] CVE-2013-2880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2880 [ 132 ] CVE-2013-2881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2881 [ 133 ] CVE-2013-2882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2882 [ 134 ] CVE-2013-2883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2883 [ 135 ] CVE-2013-2884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2884 [ 136 ] CVE-2013-2885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2885 [ 137 ] CVE-2013-2886 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2886 [ 138 ] CVE-2013-2887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2887 [ 139 ] CVE-2013-2900 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2900 [ 140 ] CVE-2013-2901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2901 [ 141 ] CVE-2013-2902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2902 [ 142 ] CVE-2013-2903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2903 [ 143 ] CVE-2013-2904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2904 [ 144 ] CVE-2013-2905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2905 [ 145 ] Release Notes 23.0.1271.64 http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html [ 146 ] Release Notes 23.0.1271.91 http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html [ 147 ] Release Notes 23.0.1271.95 http://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201309-16.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA51210 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51210/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51210 RELEASE DATE: 2012-11-07 DISCUSS ADVISORY: http://secunia.com/advisories/51210/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51210/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51210 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. 1) The application bundles a vulnerable version of Adobe Flash Player. For more information: SA51213 2) An integer overflow error exists in WebP handling. 3) An error in v8 can be exploited to cause an out-of-bounds array access. 4) A use-after-free error exists in SVG filter handling. 5) An error exists related to integer boundary checks within GPU command buffers. 6) A use-after-free error exists in video layout handling. 7) An error exists related to inappropriate loading of SVG subresource in "img" context. 8) A race condition error exists in Pepper buffer handling. 9) A type casting error exists in certain input handling. 10) An error in Skia can be exploited to cause an out-of-bounds read. 11) An error in texture handling can be exploited to corrupt memory. 12) A use-after-free error exists in extension tab handling. 13) A use-after-free error exists in plug-in placeholder handling. 14) An error in v8 can be exploited to corrupt memory. SOLUTION: Upgrade to version 23.0.1271.64. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 2) Phil Turnbull 3, 6) Atte Kettunen, OUSPG. 4, 5) miaubiz 7) Felix Gr\xf6bert, Google Security Team 8) Fermin Serna, Google Security Team 9, 10, 13) Inferno, Google Chrome Security Team 11) Al Patrick, Chromium development community 12) Alexander Potapenko, Chromium development community 14) Cris Neckar, Google Chrome Security Team ORIGINAL ADVISORY: Google: http://googlechromereleases.blogspot.dk/2012/11/stable-channel-release-and-beta-channel.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

input validation

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

miaubiz, Phil Turnbull, Atte Kettunen of OUSPG, Felix Gr&amp;amp;amp;amp;amp;amp;amp;ouml;bert of the Google Security Team, Fermin Serna of the Google Security Team, Google Chrome Security Team (Inferno) and Cris Neckar of the Google Security Team.

SOURCES

LAST UPDATE DATE

2025-04-11T22:15:02.043000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE