Google Chrome Multiple Vulnerabilities

Secunia ID	SA50872
CVE-ID	CVE-2012-2900, CVE-2012-5108, CVE-2012-5109, CVE-2012-5110, CVE-2012-5111, CVE-2012-5248, CVE-2012-5249, CVE-2012-5250, CVE-2012-5251, CVE-2012-5252, CVE-2012-5253, CVE-2012-5254, CVE-2012-5255, CVE-2012-5256, CVE-2012-5257, CVE-2012-5258, CVE-2012-5259, CVE-2012-5260, CVE-2012-5261, CVE-2012-5262, CVE-2012-5263, CVE-2012-5264, CVE-2012-5265, CVE-2012-5266, CVE-2012-5267, CVE-2012-5268, CVE-2012-5269, CVE-2012-5270, CVE-2012-5271, CVE-2012-5272
Release Date	09 Oct 2012
Criticality	Highly Critical
Solution Status	Vendor Patch
Software	Google Chrome 22.x
Where	From remote
Impact	System access This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
Description	Multiple vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to compromise a user's system. 1) The application bundles a vulnerable version of Adobe Flash player. For more information: SA50876 2) An error exists related to Skia text rendering. 3) A race condition error exists related to audio device handling. 4) An error exists related to ICU regex handling and can be exploited to cause an out-of-bounds read. 5) An error exists related to compositor handling and can be exploited to cause an out-of-bounds read. 6) An error exists related to plug-in crash monitoring for Pepper plug-ins.
Solution	Update to version 22.0.1229.92.
Reported by	The vendor credits: 2, 3) Atte Kettunen, OUSPG. 4) Arthur Gerkis. 5) Inferno, Google Chrome Security Team. 6) Chris Evans, Google Chrome Security Team.
Original Advisory	http://googlechromereleases.blogspot.dk/2012/10/stable-channel-update.html

© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.