Google Chrome Multiple Vulnerabilities

Secunia ID	SA48992
CVE-ID	CVE-2011-3078, CVE-2011-3079, CVE-2011-3080, CVE-2011-3081, CVE-2012-1521
Release Date	01 May 2012
Last Change	18 Jun 2012
Criticality	Highly Critical
Solution Status	Vendor Patch
Software	Google Chrome 18.x
Where	From remote
Impact	System access This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. Unknown Covers various weaknesses, security issues, and vulnerabilities not covered by the other impact types, or where the impact isn't known due to insufficient information from vendors and researchers.
Description	Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to compromise a user's system. 1) A use-after-free error exists in floats handling. 2) A use-after-free error exists within the xml parser. 3) An error exists within the IPC validation. 4) A race condition exists within the sandbox IPC. 5) A second use-after-free error exists in floats handling. The vulnerabilities are reported in versions prior to 18.0.1025.168.
Solution	Update to version 18.0.1025.168.
Reported by	The vendor credits: 1) Marty Barbella, Google Chrome Security Team and miaubiz 2) SkyLined, Google Chrome Security Team and wushi, team509 via iDefense 3) PinkiePie 4) Willem Pinckaers, Matasano. 5) miaubiz
Original Advisory	Google: http://googlechromereleases.blogspot.com/2012/04/stable-channel-update_30.html iDefense: http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=978

© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.