ID

VAR-201209-0320

CVE

CVE-2012-2896

TITLE

Mac OS X Run on Google Chrome of WebGL Implementation of integer overflow vulnerability

DESCRIPTION

Integer overflow in the WebGL implementation in Google Chrome before 22.0.1229.79 on Mac OS X allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Google Chrome is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the browser, cause denial-of-service conditions, execute arbitrary script code in the browser of an unsuspecting user, or steal cookie-based authentication credentials; other attacks are also possible. Versions prior to Chrome 22.0.1229.79 are vulnerable. NOTE: The CVE-2012-2897 issue has been moved to BID 56457 (Microsoft Windows Kernel 'Win32k.sys' TrueType Font Parsing Remote Code Execution Vulnerability) to better document it. Google Chrome is a web browser developed by Google (Google). ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA50759 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50759/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50759 RELEASE DATE: 2012-09-26 DISCUSS ADVISORY: http://secunia.com/advisories/50759/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/50759/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=50759 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system. 1) Certain unspecified input related to frame handling is not properly sanitised before being returned to the user. 2) Certain unspecified input within v8 bindings is not properly sanitised before being returned to the user. 3) An error exists within plugin handling and can be exploited to cause DOM tree corruption. 4) An error due to SSE2 optimizations can be exploited to cause a buffer overflow. 5) An error exists within Skia and can be exploited to cause an out-of-bounds write. 6) A use-after-free error exists within onclick handling. 7) A use-after-free error exists related to SVG text references. 8) An integer overflow error exists related to WebGL handling. 9) An unspecified error can be exploited to cause DOM topology corruption. 10) An error exists within Skia and can be exploited to cause an out-of-bounds write. 11) Some weaknesses exist in the PDF viewer. 12) A use-after-free error exists within the plug-in handling. 13) A race condition exists when handling plug-in paint buffers. 14) An error when handling OGG containers can be exploited to reference an invalid pointer. 15) A double-free error exists on exit. 16) A use-after-free error exists within the PDF viewer. 17) An unspecified error exists and can be exploited to bypass the pop-up block. 18) A double-free error exists within XSL transforms. 19) Some errors within the PDF viewer can be exploited to cause an out-of-bounds write. SOLUTION: Upgrade to version 22.0.1229.79. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1, 2) Sergey Glazunov 3) Chamal de Silva 4, 5, 6) Atte Kettunen, OUSPG 7, 8) miaubiz 9) pawlkt 10, 14) Inferno, Google Chrome Security Team 11, 16, 19) Mateusz Jurczyk, Google Security Team and Gynvael Coldwind, Google Security Team 12) Fermin Serna, Google Security Team 13, 17, 18) Cris Neckar, Google Chrome Security Team 15) Chromium development community ORIGINAL ADVISORY: Google: http://googlechromereleases.blogspot.dk/2012/09/stable-channel-update_25.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201210-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Chromium: Multiple vulnerabilities Date: October 21, 2012 Bugs: #433551, #436234, #437664, #437984 ID: 201210-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code. Background ========== Chromium is an open source web browser project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 22.0.1229.94 >= 22.0.1229.94 Description =========== Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact ====== A remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, arbitrary file write, a Denial of Service condition, Cross-Site Scripting in SSL interstitial and various Universal Cross-Site Scripting attacks. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-22.0.1229.94" References ========== [ 1 ] CVE-2012-2859 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2859 [ 2 ] CVE-2012-2860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2860 [ 3 ] CVE-2012-2865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2865 [ 4 ] CVE-2012-2866 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2866 [ 5 ] CVE-2012-2867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2867 [ 6 ] CVE-2012-2868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2868 [ 7 ] CVE-2012-2869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2869 [ 8 ] CVE-2012-2872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2872 [ 9 ] CVE-2012-2874 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2874 [ 10 ] CVE-2012-2876 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2876 [ 11 ] CVE-2012-2877 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2877 [ 12 ] CVE-2012-2878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2878 [ 13 ] CVE-2012-2879 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2879 [ 14 ] CVE-2012-2880 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2880 [ 15 ] CVE-2012-2881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2881 [ 16 ] CVE-2012-2882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2882 [ 17 ] CVE-2012-2883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2883 [ 18 ] CVE-2012-2884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2884 [ 19 ] CVE-2012-2885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2885 [ 20 ] CVE-2012-2886 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2886 [ 21 ] CVE-2012-2887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2887 [ 22 ] CVE-2012-2888 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2888 [ 23 ] CVE-2012-2889 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2889 [ 24 ] CVE-2012-2891 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2891 [ 25 ] CVE-2012-2892 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2892 [ 26 ] CVE-2012-2894 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2894 [ 27 ] CVE-2012-2896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2896 [ 28 ] CVE-2012-2900 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2900 [ 29 ] CVE-2012-5108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5108 [ 30 ] CVE-2012-5110 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5110 [ 31 ] CVE-2012-5111 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5111 [ 32 ] CVE-2012-5112 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5112 [ 33 ] CVE-2012-5376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5376 [ 34 ] Release Notes 21.0.1180.89 http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30= .html [ 35 ] Release Notes 22.0.1229.79 http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25= .html [ 36 ] Release Notes 22.0.1229.92 http://googlechromereleases.blogspot.com/2012/10/stable-channel-update.ht= ml [ 37 ] Release Notes 22.0.1229.94 http://googlechromereleases.blogspot.com/2012/10/stable-channel-update_61= 05.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201210-07.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

digital error

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Sergey Glazunov, Chamal de Silva, Atte Kettunen of OUSPG, miaubiz, Slawomir Blazek, Nir Moshe, pawlkt, Google Chrome Security Team (Inferno), Mateusz Jurczyk of Google Security Team, Gynvael Coldwind of Google Security Team, Fermin Serna of Google Security

SOURCES

LAST UPDATE DATE

2024-11-23T19:55:27.814000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE