Google Chrome OS O3D Plug-in Use After Free Security Vulnerability

Bugtraq ID:	59071
Class:	Unknown
CVE:	CVE-2013-2833
Remote:	Yes
Local:	No
Published:	Apr 15 2013 12:00AM
Updated:	Apr 15 2013 12:00AM
Credit:	Ralf-Philipp Weinmann
Vulnerable:	Google Chrome OS 25.0.1364.173 Google Chrome OS 25.0.1364.126 Google Chrome OS 23.0.1271.94 Google Chrome OS 21.0.1183.0 Google Chrome OS 21.0.1180.50 Google Chrome OS 21.0.1180.49
Not Vulnerable:	Google Chrome OS 26.0.1410.57

Google Chrome OS O3D Plug-in Use After Free Security Vulnerability

Google Chrome OS is prone to a memory-corruption vulnerability.

Successfully exploiting this issue may allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service condition.

Google Chrome OS versions prior to 26.0.1410.57 are vulnerable.

NOTE: This issue was previously covered in BID 59063 (Google Chrome OS Prior to 26.0.1410.57 Multiple Security Vulnerabilities) but has been given its own record to better document it.

Google Chrome OS O3D Plug-in Use After Free Security Vulnerability

The researcher responsible for discovering this issue has developed exploit code to trigger the vulnerability. This exploit code is not known to be publicly available.

Google Chrome OS O3D Plug-in Use After Free Security Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Google Chrome OS O3D Plug-in Use After Free Security Vulnerability

References:

• Google Chrome OS (Google)
  
• Stable Channel Update for Chrome OS 26.0.1410.57 (Google)