SecurityTracker.com
Category:   Application (Web Browser)  >   Google Chrome
Vendors:   Google
Google Chrome Multiple Flaws Let Remote Users Spoof URLs, Cause Memory Errors, Bypass the Plugin Blocker Whitelist, and Execute JavaScript With Elevated Privileges
SecurityTracker Alert ID:  1024037
SecurityTracker URL:  http://securitytracker.com/id/1024037
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  May 27 2010
Impact:   Execution of arbitrary code via network, Modification of system information, Not specified
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 5.0.375.55
Description:   Several vulnerabilities were reported in Google Chrome. A remote user may be able to spoof URLs, bypass the plugin blocker whitelist, cause memory errors, or execute JavaScript with elevated privileges.

A remote user can create a specially crafted file that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target user.

A remote user can exploit a flaw in the canonicalization of URLs, with unspecified impact. Brett Wilson of the Chromium development community reported this vulnerability.

A remote user can exploit unload event handlers to spoof URLs in the URL bar. Michal Zalewski of the Google Security Team reported this vulnerability.

A remote user can trigger memory errors in the Safe Browsing code, with unspecified impact. SkyLined of the Google Chrome Security Team reported this vulnerability.

A remote user can bypass the whitelist-mode plugin blocker. Darin Fisher of the Chromium development community reported this vulnerability.

A remote user can exploit a drag and drop action to trigger a memory error, with unspecified impact. kuzzcc reported this vulnerability.

A remote user can cause JavaScript execution in the extension context. Andrey Kosyakov of the Chromium development community reported this vulnerability.

Impact:   A remote user may be able to spoof URLs, bypass the plugin blocker whitelist, cause memory errors, or execute JavaScript with elevated privileges.

The impact of some vulnerabilities was not specified.

Solution:   The vendor has issued a fix (5.0.375.55).

The vendor's advisory is available at:

http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html

Vendor URL:  www.google.com/
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (macOS/OS X), Windows (Any)

Message History:   None.


Copyright 2019, SecurityGlobal.net LLC