Forum Thread: Google Chrome Multiple Vulnerabilities

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:

See the original Secunia advisory:
Google Chrome Multiple Vulnerabilities

Secunia Google Chrome Multiple Vulnerabilities
Secunia Official 11th Jan, 2011 04:46
Ranking: 0
Posts: 0
User Since: -
System Score: -
Location: Copenhagen, DK
Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.

1) A validation error when performing message deserialisation can be exploited to cause a crash or potentially corrupt memory.

This vulnerability affects 64-bit builds for Linux only.

2) An unspecified error when parsing Cascading Style Sheets (CSS) can be exploited to trigger an out-of-bounds read.

3) An unspecified error within cursor handling can be exploited to reference stale pointers.

flyzipper RE: Google Chrome Multiple Vulnerabilities
Member 11th Jan, 2011 04:46
Score: 0
Posts: 1
User Since: 11th Jan 2011
System Score: N/A
Location: CA
Last edited on 11th Jan, 2011 04:46
The signature/scan for this may need a little tweaking.
The description states, "This vulnerability affects 64-bit builds for Linux only", yet I'm running 64-bit Windows 7 and still receive a warning.
Was this reply relevant?
Anthony Wells RE: Google Chrome Multiple Vulnerabilities
Expert Contributor 12th Jan, 2011 21:14
Score: 2539
Posts: 3,401
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

@flyzipper ,

I would read the Linux note as referring to point 1) only and release 8.0.552.224 fixes all 3) noted insecurities , hence your warning .

The subsequent update to version 8.0.552.231 is for Mac only and is a bug fix :-

Hope that is clearer .



It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?