Internet threat level: 1
Home→Descriptions→SA37273
Google Chrome Two Vulnerabilities
| Secunia ID | |
| CVE-ID | |
| Release Date |
06 Nov 2009 |
| Last Change |
16 Nov 2009 |
| Criticality | |
| Solution Status |
Vendor Patch |
| Software |
Google Chrome 3.x |
| Where | |
| Impact |
System accessThis covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. Exposure of sensitive informationVulnerabilities where documents or credentials are leaked or can be revealed either locally or from remote. Exposure of system informationVulnerabilities where excessive information about the system (e.g. version numbers, running services, installation paths, and similar) are exposed and can be revealed from remote and in some cases locally. |
| Description |
Some vulnerabilities have been reported in Google Chrome, which potentially can be exploited by malicious people to disclose sensitive information or compromise a user's system. 1) The browser fails to display a warning when a user downloads and opens e.g. SVG, MHT, or XML files. This can be exploited to potentially execute arbitrary JavaScript code in a local context and e.g. disclose the content of local files via a specially crafted web page. 2) An error in the Gears SQL API implementation can be exploited to put SQL metadata into a bad state and cause a memory corruption. Successful exploitation of this vulnerability may allow execution of arbitrary code, but requires that the user allows the interaction of a malicious website with the Gears plugin. The vulnerabilities are reported in versions prior to 3.0.195.32. |
| Solution |
Update to version 3.0.195.32. |
| Reported by |
1) Inferno |
| Original Advisory |
Google: |
© 1997-2012 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.