RETIRED: Google Chrome prior to 4.1.249.1059 Multiple Security Vulnerabilities
BID:39603
Info
RETIRED: Google Chrome prior to 4.1.249.1059 Multiple Security Vulnerabilities
| Bugtraq ID: | 39603 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 20 2010 12:00AM |
| Updated: | Apr 30 2010 03:32PM |
| Credit: | kuzzcc, Meder Kydyraliev, Robert Swiecki, Tavis Ormandy, SkyLined and Michal Zalewski. |
| Vulnerable: |
Google Chrome 4.1.249 1036 Google Chrome 4.1.249 .1045 Google Chrome 4.1.249 .1042 Google Chrome 4.0.249 .89 Google Chrome 4.0.249 .78 |
| Not Vulnerable: |
Google Chrome 4.1.249 1059 |
Discussion
RETIRED: Google Chrome prior to 4.1.249.1059 Multiple Security Vulnerabilities
Google Chrome is prone to multiple vulnerabilities.
Attackers can exploit these issues to obtain sensitive information, execute arbitrary code in the context of the browser, bypass certain security restrictions and carry out other attacks such as cross-domain scripting.
Versions prior to Chrome 4.1.249.1059 are vulnerable.
The following individual records have been created to better document these issues:
39814 Google Chrome prior to 4.1.249.1059 V8 Bindings Memory Corruption Vulnerability
39812 Google Chrome prior to 4.1.249.1059 New Tab Privilege Security Vulnerability
39809 Google Chrome prior to 4.1.249.1059 HTTP Request Unspecified Security Vulnerability
39806 Google Chrome prior to 4.1.249.1059 Local File Reference Security Vulnerability
39807 Google Chrome prior to 4.1.249.1059 Forms Unspecified Security Vulnerability
39669 Google Chrome 'chrome://downloads' Cross Domain Scripting Vulnerability
39667 Google Chrome 'chrome://net-internals' Cross Domain Scripting Vulnerability
Google Chrome is prone to multiple vulnerabilities.
Attackers can exploit these issues to obtain sensitive information, execute arbitrary code in the context of the browser, bypass certain security restrictions and carry out other attacks such as cross-domain scripting.
Versions prior to Chrome 4.1.249.1059 are vulnerable.
The following individual records have been created to better document these issues:
39814 Google Chrome prior to 4.1.249.1059 V8 Bindings Memory Corruption Vulnerability
39812 Google Chrome prior to 4.1.249.1059 New Tab Privilege Security Vulnerability
39809 Google Chrome prior to 4.1.249.1059 HTTP Request Unspecified Security Vulnerability
39806 Google Chrome prior to 4.1.249.1059 Local File Reference Security Vulnerability
39807 Google Chrome prior to 4.1.249.1059 Forms Unspecified Security Vulnerability
39669 Google Chrome 'chrome://downloads' Cross Domain Scripting Vulnerability
39667 Google Chrome 'chrome://net-internals' Cross Domain Scripting Vulnerability
Exploit / POC
RETIRED: Google Chrome prior to 4.1.249.1059 Multiple Security Vulnerabilities
Attackers may use standard tools to exploit some of the issues; other issues may require exploit code. We are not aware of any exploits for the remaining issues.
Attackers may use standard tools to exploit some of the issues; other issues may require exploit code. We are not aware of any exploits for the remaining issues.
Solution / Fix
RETIRED: Google Chrome prior to 4.1.249.1059 Multiple Security Vulnerabilities
Solution:
Vendor updates are available. Please see the references for details.
Solution:
Vendor updates are available. Please see the references for details.
References
RETIRED: Google Chrome prior to 4.1.249.1059 Multiple Security Vulnerabilities
References:
References: