Vulnerability Note VU#258423
Google Chrome multiple vulnerabilities
Google Chrome contains multiple vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Google Chrome stable channel versions prior to 8.0.552.237 contain multiple memory corruption vulnerabilities. These vulnerabilities include a stack corruption vulnerability in the PDF renderer component, two memory corruption vulnerabilities in the Vorbis decoder, and a video frame size error resulting in a bad memory access.
The full list of security fixes can be found in the release notes.
By convincing a user to view a specially crafted HTML document, PDF file, or video file, an attacker can cause the application to crash or possibly execute arbitrary code.
Apply an Update
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Affected||16 Dec 2010||13 Jan 2011|
CVSS Metrics (Learn More)
Bug 67208 was reported by Jared Allar of the CERT/CC and bugs 67303 and 68115 were reported by David Warren of the CERT/CC. See Google's release notes for full credits.
This document was written by Jared Allar and David Warren.
- CVE IDs: Unknown
- Date Public: 12 Jan 2011
- Date First Published: 13 Jan 2011
- Date Last Updated: 28 Mar 2012
- Severity Metric: 3.29
- Document Revision: 21
If you have feedback, comments, or additional information about this vulnerability, please send us email.