---------------------------------------------------------------------- Use WSUS to deploy 3rd party patches Public BETA http://secunia.com/vulnerability_scanning/corporate/wsus_3rd_third_party_patching/ ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA39029 VERIFY ADVISORY: http://secunia.com/advisories/39029/ DESCRIPTION: Some vulnerabilities have been reported in Google Chrome, where some have unknown impacts and others can be exploited by malicious people to conduct spoofing attacks and bypass certain security restrictions. 1) Some race conditions and pointer errors exist within the sandbox infrastructure. 2) An error exists related to persisted metadata such as Web Databases and STS. 3) The application processes HTTP headers before completing the SafeBrowsing check. 4) A memory error exists related to malformed SVG files. 5) Integer overflow errors exist within certain unspecified WebKit JavaScript objects. 6) The HTTP basic authentication dialog truncates URLs. 7) An unspecified error can be exploited to bypass the download warning dialog. 8) An unspecified error can be exploited to bypass the cross-origin policy. SOLUTION: Update to version 4.1.249.1036. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Mark Dowd, Google Chrome Security Team contractor 2) Chris Evans of the Google Chrome Security Team and RSnake of ha.ckers.org 3) Mike Dougherty of dotSyntax, LLC. 4) wushi of team509 5) Sergey Glazunov 6) Inferno of the Google Chrome Security Team 7, 8) kuzzcc ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------