Google Chrome Multiple Flaws Let Remote Users Spoof URLs, Cause Memory Errors, Bypass the Plugin Blocker Whitelist, and Execute JavaScript With Elevated Privileges
SecurityTracker Alert ID: 1024037
SecurityTracker URL: http://securitytracker.com/id/1024037
CVE Reference: GENERIC-MAP-NOMATCH
Date: May 27 2010
Impact:
Execution of arbitrary code via network, Modification of system information, Not specified
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): prior to 5.0.375.55
Description:
Several vulnerabilities were reported in Google Chrome. A remote user may be able to spoof URLs, bypass the plugin blocker whitelist, cause memory errors, or execute JavaScript with elevated privileges.
A remote user can create a specially crafted file that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target user.
A remote user can exploit a flaw in the canonicalization of URLs, with unspecified impact. Brett Wilson of the Chromium development community reported this vulnerability.
A remote user can exploit unload event handlers to spoof URLs in the URL bar. Michal Zalewski of the Google Security Team reported this vulnerability.
A remote user can trigger memory errors in the Safe Browsing code, with unspecified impact. SkyLined of the Google Chrome Security Team reported this vulnerability.
A remote user can bypass the whitelist-mode plugin blocker. Darin Fisher of the Chromium development community reported this vulnerability.
A remote user can exploit a drag and drop action to trigger a memory error, with unspecified impact. kuzzcc reported this vulnerability.
A remote user can cause JavaScript execution in the extension context. Andrey Kosyakov of the Chromium development community reported this vulnerability.
Impact:
A remote user may be able to spoof URLs, bypass the plugin blocker whitelist, cause memory errors, or execute JavaScript with elevated privileges.
The impact of some vulnerabilities was not specified.
Solution:
The vendor has issued a fix (5.0.375.55).
The vendor's advisory is available at:
http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html
Vendor URL: www.google.com/
Cause:
Not specified
Underlying OS:
Linux (Any), UNIX (OS X), Windows (Any)
Message History:
None.
Source Message Contents
Date: Wed, 26 May 2010 23:23:28 +0000
Subject: Google Chrome
* [7713] Medium Canonicalize URLs closer to the Safe Browsing specification.
Credit to Brett Wilson of the Chromium development community.
* [16535] High Possible URL bar spoofing via unload event handlers. Credit to
Michal Zalewski, Google Security Team.
* [30079] Medium Memory error in Safe Browsing interaction. Credit to Google
Chrome Security Team (SkyLined).
* [39740] Medium Bypass of whitelist-mode plugin blocker. Credit to Darin Fisher
of the Chromium development community.
* [41469] Medium Memory error with drag + drop. Credit to kuzzcc.
* [42228] High Incorrect execution of Javascript in the extension context. Credit
to Andrey Kosyakov of the Chromium development community.