VULNERABILITIES / FIXES - August 31, 2012
by Carol~ - 8/31/12 6:26 AM
Google Chrome Multiple Vulnerabilities
Release Date : 2012-08-31
Criticality level : Highly critical
Impact : Unknown
Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch
Software: Google Chrome 21.x
Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system.
1) An out-of-bounds read error exists when handling line breaks.
2) A bad cast error exists within run-ins.
3) A race condition error exists when handling XMLHttpRequest calls.
4) An error when loading URLs can be exploited to cause a stale buffer.
5) A bad cast error exists when handling XSL transforms.
6) An error when handling certain SSL data can be exploited to cause a cross-site scripting attack.
The vulnerabilities are reported in versions prior to 21.0.1180.89.
Update to version 21.0.1180.89.
Provided and/or discovered by:
The vendor credits:
1, 2, 3) miaubiz
4) Fermin Serna, Google Security Team
5) Nicolas Gregoire
6) Emmanuel Bronshtein