Release date:
Updated on: 2010-09-20
Affected Systems:
Google Chrome <6.0.472.59
Unaffected system:
Google Chrome 6.0.472.59
Description:
--------------------------------------------------------------------------------
Bugtraq id: 43228
CVE (CAN) ID: CVE-2010-3408, CVE-2010-3409, CVE-2010-3410, CVE-2010-3411, CVE-2010-3412, CVE-2010-3413, CVE-2010-3414, CVE-2010-3415, CVE-2010-3416
Google Chrome is an open-source WEB browser released by Google.
Chrome 6.0.472.59 fixes multiple security vulnerabilities. malicious webpage access may cause denial of service, sensitive information leakage, or completely intrude into the user system.
CVE-2010-3417
Chrome does not prompt users before allowing access to extended history, which may cause information leakage.
CVE-2010-3416
Chrome on Linux does not correctly implement the Khmer region settings, which allows remote attackers to cause memory corruption.
CVE-2010-3415
Chrome does not correctly implement Geolocation, which allows remote attackers to cause memory corruption.
CVE-2010-3414
Chrome on Mac OS X does not correctly implement the file dialog box, which allows remote attackers to cause memory corruption.
CVE-2010-3413
An error in the pop-up box blocking function may cause the browser to crash.
CVE-2010-3412
There is a competition condition in the console implementation.
CVE-2010-3411
Chrome on Linux does not properly process the cursor, which may cause DOS.
CVE-2010-3410, CVE-2010-3409, CVE-2010-3408
There are multiple release errors in Chrome. Attackers can cause denial of service through nested SVG elements, SVG styles, or document APIs.
<* Source: David Weston
Kuzzcc
Wooshi@gmail.com (wushi)
Link: http://secunia.com/advisories/41390/
Http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Google
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.google.com