Forum Thread: Google Chrome Multiple Vulnerabilities

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Vulnerabilities

See the original Secunia advisory:
Google Chrome Multiple Vulnerabilities

Secunia Google Chrome Multiple Vulnerabilities
Secunia Official 31st Aug, 2014 16:36
Ranking: 0
Posts: 0
User Since: -
System Score: -
Location: Copenhagen, DK
Some vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, and compromise a user's system.

1) Some errors within V8, IPC, sync, and extensions can be exploited to execute arbitrary code outside the sandbox.

2) A use-after-free error exists within SVG.

3) A use-after-free error exists within DOM.

4) An error within Extension permission dialog can be exploited to spoof certain content.

5) A use-after-free error exists within bindings.

6) An error exists within extension debugging.

7) An uninitialized memory read error exists in WebGL.

8) An uninitialized memory read error exists in Web Audio.

9) Some unspecified errors exist. No further information is currently available.

Successful exploitation of the vulnerabilities #2, #3, and #5 may allow execution of arbitrary code.

The vulnerabilities are reported in versions prior to 37.0.2062.94.

BankerBOE2 RE: Google Chrome Multiple Vulnerabilities
Member 31st Aug, 2014 16:36
Score: 3
Posts: 19
User Since: 19th Dec 2008
System Score: N/A
Location: UK
Last edited on 31st Aug, 2014 16:36
Downloaded and installed version 37.0.2062.4 but Secunia continues to report that version 36x is installed and requiring updating. After computer restart, continues to report same, even though version 36x is no longer on my computer - anywhere.

--
Windows 7 Professional 64-bit SP1
AMD A8-5600k APU w/Radeon HD Graphics 3.60 GHz
Internet Explorer 11, Firefox
16Gb RAM, 1Tb HD
Was this reply relevant?
+0
-0
Anthony Wells RE: Google Chrome Multiple Vulnerabilities
Expert Contributor 1st Sep, 2014 14:36
Score: 2542
Posts: 3,402
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi ,

Google leaves behind the "old" version when it updates and the PSI will detect this .

36.x will show as EOL or Insecure based on the 36.x .dll files folder and or the Icon chrome.old.exe file left behind in the ...\Chrome\Application\... folder .

How do you know 36.x is not anywhere on your system ?? Have you manually removed these files ?? After rebooting did you run a full scan (the PSI can take time to react) ??

How did/do you update Chrome ??

37.x has updated a second time within a couple of days from ....94 to ....102 both are on my PC but the PSI only detects ...102 ; ...94 may show up as a "zombie" file .

I use the PSI version 2.x , which version are you using ??

Anthony


--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0