SB2013011501 - Multiple vulnerabilities in Techland Chrome
Published: January 15, 2013 Updated: January 25, 2023
Description
This security bulletin contains information about 5 security vulnerabilities.
1) Resource management error (CVE-ID: CVE-2013-0828)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The PDF functionality in Google Chrome before 24.0.1312.52 does not properly perform a cast of an unspecified variable during processing of the root of the structure tree, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2013-0829)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Google Chrome before 24.0.1312.52 does not properly maintain database metadata, which allows remote attackers to bypass intended file-access restrictions via unspecified vectors.
3) Input validation error (CVE-ID: CVE-2012-5151)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Integer overflow in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code in a PDF document.
4) Use-after-free (CVE-ID: CVE-2012-5156)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors involving PDF fields. A remote attacker can cause a denial of service or possibly have unspecified other impact.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
5) Buffer overflow (CVE-ID: CVE-2012-5157)
The vulnerability allows a remote non-authenticated attacker to cause a service disruption.
Google Chrome before 24.0.1312.52 does not properly handle image data in PDF documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.
Remediation
Install the update from the vendor's website.
References
- http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html
- https://code.google.com/p/chromium/issues/detail?id=162153
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16272
- https://code.google.com/p/chromium/issues/detail?id=162114
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16322
- https://code.google.com/p/chromium/issues/detail?id=165538
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16453
- https://code.google.com/p/chromium/issues/detail?id=162778
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16330
- https://code.google.com/p/chromium/issues/detail?id=162156
- https://code.google.com/p/chromium/issues/detail?id=162776
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16424