Overview
Google Chrome contains multiple vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Description
Google Chrome stable channel versions prior to 8.0.552.237 contain multiple memory corruption vulnerabilities. These vulnerabilities include a stack corruption vulnerability in the PDF renderer component, two memory corruption vulnerabilities in the Vorbis decoder, and a video frame size error resulting in a bad memory access. The full list of security fixes can be found in the release notes.
Impact
By convincing a user to view a specially crafted HTML document, PDF file, or video file, an attacker can cause the application to crash or possibly execute arbitrary code.
Solution
Apply an Update
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 9 | AV:N/AC:M/Au:N/C:C/I:C/A:P |
| Temporal | 7 | E:POC/RL:OF/RC:C |
| Environmental | 7 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
References
- http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html
- http://build.chromium.org/f/chromium/perf/dashboard/ui/changelog.html?url=/branches/552/src&range=70801:68599&mode=html
- http://code.google.com/p/chromium/issues/detail?id=67208
- http://code.google.com/p/chromium/issues/detail?id=67303
- http://code.google.com/p/chromium/issues/detail?id=68115
Acknowledgements
Bug 67208 was reported by Jared Allar of the CERT/CC and bugs 67303 and 68115 were reported by David Warren of the CERT/CC. See Google's release notes for full credits.
This document was written by Jared Allar and David Warren.
Other Information
- CVE IDs: None
- Severity Metric: 3.29
- Date Public: 2011-01-12
- Date First Published: 2011-01-13
- Date Last Updated: 2012-03-28 15:24 UTC
- Document Revision: 22