Release date: 2010-08-19
Updated on: 2010-08-25
Affected Systems:
Google Chrome 5.0
Unaffected system:
Google Chrome 5.0.375.127
Description:
--------------------------------------------------------------------------------
Bugtraq id: 42571
Cve id: CVE-2010-3111, CVE-2010-3112, CVE-2010-3113, CVE-2010-3114, CVE-2010-3115, CVE-2010-3116, CVE-2010-3117, CVE-2010-3118, CVE-2010-3119
Google Chrome is an open-source WEB browser released by Google.
Chrome 5.0.375.127 updates fix multiple security vulnerabilities. malicious web pages may cause denial of service, leakage of sensitive information, or full intrusion into the user system.
CVE-2010-3120
Chrome does not correctly implement the Geolocation function. Remote attackers can cause denial of service or execute arbitrary code.
CVE-2010-3119
Chrome does not correctly support the Ruby language. Remote attackers can cause denial of service or execute arbitrary code.
CVE-2010-3118
The automatic suggestion function implemented by Omnibox does not take password into account. Remote attackers can obtain sensitive information by reading the network communication generated by this function.
CVE-2010-3117
Chrome does not correctly implement the notification function. Remote attackers can cause denial of service or execute arbitrary code.
CVE-2010-3116
Chrome does not properly process MIME types. Remote attackers can cause denial-of-service attacks or execute arbitrary code.
CVE-2010-3115
Chrome does not properly implement the history function. Remote attackers can fool the address bar.
CVE-2010-3114
The text editing Implementation of Chrome does not correctly execute the assignment.
CVE-2010-3113
Chrome does not properly process SVG documents. Remote attackers can cause denial-of-service attacks or execute arbitrary code.
CVE-2010-3112
Chrome does not correctly implement the file dialog box. Remote attackers can cause denial of service or execute arbitrary code.
CVE-2010-3111
Chrome does not properly mitigate a vulnerability in the Windows Kernel.
<* Source: Sergey glaz.pdf
Wooshi@gmail.com (wushi)
Mike Taylor
Link: http://secunia.com/advisories/41014/
Http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Google
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.google.com