SB2014082702 - Multiple vulnerabilities in Techland Chrome
Published: August 27, 2014 Updated: August 10, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 8 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2014-3175)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors, related to the load_truetype_glyph function in truetype/ttgload.c in FreeType and other functions in other components.
2) Code Injection (CVE-ID: CVE-2014-3176)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3177.
3) Code Injection (CVE-ID: CVE-2014-3177)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3176.
4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2014-3170)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.94 does not prevent use of a '�' character in a host name, which allows remote attackers to spoof the extension permission dialog by relying on truncation after this character.
5) Input validation error (CVE-ID: CVE-2014-3171)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Use-after-free vulnerability in the V8 bindings in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper use of HashMap add operations instead of HashMap set operations, related to bindings/core/v8/DOMWrapperMap.h and bindings/core/v8/SerializedScriptValue.cpp. <a href="http://cwe.mitre.org/data/definitions/416.html" target="_blank">CWE-416: Use After Free</a>
6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2014-3172)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The Debugger extension API in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 37.0.2062.94 does not validate a tab's URL before an attach operation, which allows remote attackers to bypass intended access limitations via an extension that uses a restricted URL, as demonstrated by a chrome:// URL.
7) Buffer overflow (CVE-ID: CVE-2014-3173)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The WebGL implementation in Google Chrome before 37.0.2062.94 does not ensure that clear calls interact properly with the state of a draw buffer, which allows remote attackers to cause a denial of service (read of uninitialized memory) via a crafted CANVAS element, related to gpu/command_buffer/service/framebuffer_manager.cc and gpu/command_buffer/service/gles2_cmd_decoder.cc.
8) Buffer overflow (CVE-ID: CVE-2014-3174)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 37.0.2062.94, does not properly consider concurrent threads during attempts to update biquad filter coefficients, which allows remote attackers to cause a denial of service (read of uninitialized memory) via crafted API calls.
Remediation
Install update from vendor's website.
References
- http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html
- http://secunia.com/advisories/60268
- http://secunia.com/advisories/60424
- http://security.gentoo.org/glsa/glsa-201408-16.xml
- http://www.debian.org/security/2014/dsa-3039
- http://www.securityfocus.com/bid/69402
- http://www.securitytracker.com/id/1030767
- https://code.google.com/p/chromium/issues/detail?id=149871
- https://code.google.com/p/chromium/issues/detail?id=337572
- https://code.google.com/p/chromium/issues/detail?id=350782
- https://code.google.com/p/chromium/issues/detail?id=357452
- https://code.google.com/p/chromium/issues/detail?id=364062
- https://code.google.com/p/chromium/issues/detail?id=366687
- https://code.google.com/p/chromium/issues/detail?id=367991
- https://code.google.com/p/chromium/issues/detail?id=368978
- https://code.google.com/p/chromium/issues/detail?id=372410
- https://code.google.com/p/chromium/issues/detail?id=372413
- https://code.google.com/p/chromium/issues/detail?id=379656
- https://code.google.com/p/chromium/issues/detail?id=381031
- https://code.google.com/p/chromium/issues/detail?id=381244
- https://code.google.com/p/chromium/issues/detail?id=381521
- https://code.google.com/p/chromium/issues/detail?id=382240
- https://code.google.com/p/chromium/issues/detail?id=382241
- https://code.google.com/p/chromium/issues/detail?id=382242
- https://code.google.com/p/chromium/issues/detail?id=382243
- https://code.google.com/p/chromium/issues/detail?id=382601
- https://code.google.com/p/chromium/issues/detail?id=382606
- https://code.google.com/p/chromium/issues/detail?id=382639
- https://code.google.com/p/chromium/issues/detail?id=382656
- https://code.google.com/p/chromium/issues/detail?id=382820
- https://code.google.com/p/chromium/issues/detail?id=383703
- https://code.google.com/p/chromium/issues/detail?id=384662
- https://code.google.com/p/chromium/issues/detail?id=387016
- https://code.google.com/p/chromium/issues/detail?id=387315
- https://code.google.com/p/chromium/issues/detail?id=387371
- https://code.google.com/p/chromium/issues/detail?id=388771
- https://code.google.com/p/chromium/issues/detail?id=389216
- https://code.google.com/p/chromium/issues/detail?id=389280
- https://code.google.com/p/chromium/issues/detail?id=389285
- https://code.google.com/p/chromium/issues/detail?id=389316
- https://code.google.com/p/chromium/issues/detail?id=389570
- https://code.google.com/p/chromium/issues/detail?id=390176
- https://code.google.com/p/chromium/issues/detail?id=390304
- https://code.google.com/p/chromium/issues/detail?id=393938
- https://code.google.com/p/chromium/issues/detail?id=394026
- https://code.google.com/p/chromium/issues/detail?id=395972
- https://code.google.com/p/chromium/issues/detail?id=396255
- https://code.google.com/p/chromium/issues/detail?id=397258
- https://crbug.com/406143
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95475
- http://secunia.com/advisories/61482
- http://www.securityfocus.com/bid/69404
- https://crbug.com/386988
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95476
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95477
- http://www.securityfocus.com/bid/69400
- https://crbug.com/390624
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95470
- https://src.chromium.org/viewvc/chrome?revision=285492&view=revision
- http://www.securityfocus.com/bid/69406
- https://crbug.com/390928
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95471
- https://src.chromium.org/viewvc/blink?revision=178823&view=revision
- http://www.securityfocus.com/bid/69401
- https://crbug.com/367567
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95472
- https://src.chromium.org/viewvc/chrome?revision=280354&view=revision
- http://www.securityfocus.com/bid/69403
- https://crbug.com/376951
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95473
- https://src.chromium.org/viewvc/chrome?revision=275338&view=revision
- http://www.securityfocus.com/bid/69407
- https://crbug.com/389219
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95474
- https://src.chromium.org/viewvc/blink?revision=177250&view=revision