«
»

Google Chrome Two Vulnerabilities


Google Chrome Two Vulnerabilities
SECUNIA ADVISORY ID: SA37273
VERIFY ADVISORY: http://secunia.com/advisories/37273/
DESCRIPTION: Some vulnerabilities have been reported in Google Chrome, which potentially can be exploited by malicious people to disclose sensitive information or compromise a user’s system.
1) The browser fails to display a warning when a user downloads and opens e.g. SVG, MHT, or XML files. This can be exploited to potentially execute arbitrary JavaScript code in a local context and e.g. disclose the content of local files via a specially crafted web page.
2) An error in the Gears SQL API implementation can be exploited to put SQL metadata into a bad state and cause a memory corruption.
Successful exploitation of this vulnerability may allow execution of arbitrary code, but requires that the user allows the interaction of a malicious website with the Gears plugin.
The vulnerabilities are reported in versions prior to 3.0.195.32.
SOLUTION: Update to version 3.0.195.32.
PROVIDED AND/OR DISCOVERED BY: 1) Inferno 2) Reported by the vendor.
ORIGINAL ADVISORY: Google: http://googlechromereleases.blogspot.com/2009/11/stable-channel-update.html
Inferno: http://securethoughts.com/2009/11/using-blended-browser-threats-involving-chrome-to-steal-files-on-your-computer/
———————————————————————-

Dieser Beitrag wurde am Samstag 7. November 2009, 01:40 unter Bugs / Fehlermeldungen verfasst. Sie können alle Antworten auf diesen Beitrag nachverfolgen mit RSS 2.0. Sie können eine Antwort, oder einen Trackback von Ihrer eigenen Seite hinterlassen.

  1. Bisher keine Kommentare.

Sie müssen angemeldet sein, um einen Beitrag zu verfassen.