Thursday, March 7, 2013

10 vulnerabilities fixed in the Chrome browser


Google has released a security update for its web browser that fixes 10 vulnerabilities, according to the Chrome developer blog. In the new version (25.0.1364.152), 10 vulnerabilities were eliminated, six of which were labeled as "dangerous".

The experts also noted that independent researchers were paid five thousand dollars under the vulnerability reward program. In total, four awards were given to various experts: three of $1,000 each and one of $2,000.

Note that the most dangerous vulnerabilities eliminated in the latest stable version relate to the handling of navigation in the browser, as well as memory corruption in Web Audio and Indexed DB.


Multiple vulnerabilities in Google Chrome

Danger level: High
Patch: Yes
Number of vulnerabilities: 10

CVE ID:
CVE-2013-0902
CVE-2013-0903
CVE-2013-0904
CVE-2013-0905
CVE-2013-0906
CVE-2013-0907
CVE-2013-0908
CVE-2013-0909
CVE-2013-0910
CVE-2013-0911

Exploitation vector: Remote
Impact: Security Bypass, System compromise

Affected products: Google Chrome 25.x

Affected versions: Google Chrome prior to version 25.0.1364.152.

Description:

The vulnerabilities allow a remote user to execute arbitrary code on the target system.

1. A use-after-free error in the frame loader. A remote user can execute arbitrary code on the target system.

2. A use-after-free error in the handling of browser navigation. A remote user can execute arbitrary code on the target system.

3. An error in Web Audio. This can be exploited to corrupt memory and execute arbitrary code on the target system.

4. A use-after-free error in SVG animation. A remote user can execute arbitrary code on the target system.

5. An error in Indexed DB. This can be exploited to corrupt memory and execute arbitrary code on the target system.

6. A race condition error in the processing of information. A remote user can execute arbitrary code on the target system.

7. An error in the handling of bindings for extension processes. This can be exploited to bypass security restrictions on the target system.

8. An error in the XSS Auditor. This can be exploited to bypass security restrictions on the target system.

9. An error when loading plugins for the browser. This can be exploited to bypass security restrictions on the target system.

10. A directory traversal error in database handling. A remote user can execute arbitrary code on the target system.

Solution: Install the latest version, 25.0.1364.152, from the vendor.

Links:
http://googlechromereleases.blogspot.dk/2013/03/stable-channel-update_4.html
