Google Chrome Code Execution and Security Bypass Vulnerabilities
Multiple vulnerabilities have been identified in Google Chrome, which could be exploited by remote attackers to bypass restrictions, disclose sensitive information or compromise a vulnerable system.
The first issue is caused by unspecified DNS and proxy fall-back behavior, which could disclose sensitive information.
The second vulnerability is caused by integer overflow errors in the V8 engine, which could be exploited to execute arbitrary code.
The third issue is caused by an error related to the processing of "ruby" tags, which could be exploited to execute arbitrary code.
The fourth vulnerability is caused by an error related to "iframe" data, which could leak redirection targets.
The fifth issue is caused by an error when displaying HTTP authentication dialogs, which could allow phishing attacks.
The sixth vulnerability is caused by an integer overflow when deserializing sandbox messages, which could allow code execution.
Affected products: Google Chrome versions prior to 4.0.249.89
Solution: Upgrade to Google Chrome version 4.0.249.89:
http://www.google.com/chrome
References:
http://www.vupen.com/english/advisories/2010/0361
http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html
Credits: Vulnerabilities reported by Eric Roman, Christopher Eatinger, Mark Dowd, Google Chrome Security Team, Timothy D. Morgan (VSR).
Changelog: 2010-02-11: Initial release
If you have additional information or corrections for this security advisory, please submit them via our contact form.