Google Chrome 6.0.472.59 update fixes Multiple Security Vulnerabilities

Source: Internet
Author: User

Release date:
Updated on: 2010-09-20

Affected Systems:
Google Chrome <6.0.472.59
Unaffected system:
Google Chrome 6.0.472.59
Description:
--------------------------------------------------------------------------------
Bugtraq id: 43228
CVE (CAN) ID: CVE-2010-3408, CVE-2010-3409, CVE-2010-3410, CVE-2010-3411, CVE-2010-3412, CVE-2010-3413, CVE-2010-3414, CVE-2010-3415, CVE-2010-3416

Google Chrome is an open-source WEB browser released by Google.

Chrome 6.0.472.59 fixes multiple security vulnerabilities. malicious webpage access may cause denial of service, sensitive information leakage, or completely intrude into the user system.

CVE-2010-3417

Chrome does not prompt users before allowing access to extended history, which may cause information leakage.

CVE-2010-3416

Chrome on Linux does not correctly implement the Khmer region settings, which allows remote attackers to cause memory corruption.

CVE-2010-3415

Chrome does not correctly implement Geolocation, which allows remote attackers to cause memory corruption.

CVE-2010-3414

Chrome on Mac OS X does not correctly implement the file dialog box, which allows remote attackers to cause memory corruption.

CVE-2010-3413

An error in the pop-up box blocking function may cause the browser to crash.

CVE-2010-3412

There is a competition condition in the console implementation.

CVE-2010-3411

Chrome on Linux does not properly process the cursor, which may cause DOS.

CVE-2010-3410, CVE-2010-3409, CVE-2010-3408

There are multiple release errors in Chrome. Attackers can cause denial of service through nested SVG elements, SVG styles, or document APIs.

<* Source: David Weston
Kuzzcc
Wooshi@gmail.com (wushi)

Link: http://secunia.com/advisories/41390/
Http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Google
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://www.google.com

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.