About Us | Contact Us

 


 

VUPEN Free Resources
 
  VUPEN Security Advisories
 
  VUPEN Security Blog & News
  Zero-day Attacks Monitor
  Daily Security Mailinglist
  Explanation of Terms
  Advanced Search Engine
 
   

Google Chrome Memory Corruption and Security Bypass Vulnerabilities

VUPEN ID VUPEN/ADV-2010-0217
CVE ID CVE-2010-0650 - CVE-2010-0651 - CVE-2010-0655 - CVE-2010-0656 - CVE-2010-0657 - CVE-2010-0658 - CVE-2010-0659 - CVE-2010-0660 - CVE-2010-0661 - CVE-2010-0662 - CVE-2010-0663 - CVE-2010-0664
 
CWE ID Available in VUPEN VNS Customer Area
CVSS V2 Available in VUPEN VNS Customer Area
Rated as Critical 
Impact Available in VUPEN VNS Customer Area
Authentication Level Available in VUPEN VNS Customer Area
Access Vector Available in VUPEN VNS Customer Area
Release Date 2010-01-26
Share Twitter LinkedIn Facebook Delicious Digg Slashdot

Technical Description

Multiple vulnerabilities have been identified in Google Chrome, which could be exploited by remote attackers to bypass restrictions, gain knowledge of sensitive information, cause a denial of service or potentially compromise a vulnerable system.

The first issue is caused by an unspecified error which could allow web sites to bypass the pop-up blocker feature.

The second vulnerability is caused due to a CSS design error, which could allow cross-domain scripting attacks.

The third issue is caused by a memory corruption error related to the pop-up block menu, which could potentially be exploited to execute arbitrary code.

The fourth vulnerability is caused due to the browser not preventing XMLHttpRequests to directories.

The fifth issue is caused by an unspecified error related to characters in shortcuts.

The sixth vulnerability is caused by an unspecified memory corruption error related to drawing on canvases, which could potentially be exploited to execute arbitrary code.

The seventh issue is caused by an unspecified memory corruption error related to image decoding, which could potentially be exploited to execute arbitrary code.

The eighth issue is caused by an unspecified error related to strip Referer.

The ninth vulnerability is caused due to an unspecified cross-domain access error.

The tenth issue is caused due to an unspecified error related to bitmap deserialization.

The eleventh weakness is caused by an unspecified error when handling nested URLs, which could cause a vulnerable browser to crash.

Affected Products

Google Chrome versions prior to 4.0.249.78

Solution 

Upgrade to Google Chrome version 4.0.249.78 :
http://www.google.com/chrome

References

http://www.vupen.com/english/advisories/2010/0217
http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html

Credits 

Vulnerabilities reported by SkyLined (Google Chrome Security Team), Chris Evans and Michal Zalewski (Google Security Team), Jacob Balle and Carsten Eiram (Secunia Research), Chromium development community, Inferno (SecureThoughts), Robert Swiecki, Tokuji Akamine (Symantec Consulting Services) and Mark Dowd.

Changelog 

2010-01-26 : Initial release

Feedback 

If you have additional information or corrections for this security advisory please submit them via our contact form.
 

Monthly Statistics 

 

 VUPEN Security Advisories By Criticality: Aug 2010


  Critical Risk

 : 0%

  High Risk		 : 0%

  Moderate Risk		 : 0%

  Low Risk		 : 100%

Get a real-time view of the vulnerabilities affecting your systems using the VUPEN VNS reporting capabilities.
 
 

Try VUPEN VNS 

 

 





© 2004-2010 VUPEN Security - Copyright - Privacy Policy