Google.Chrome.Multiple.Security.Vulnerabilities.2014-01

description-logoDescription

Google Chrome is a Web browser for multiple platforms.
Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of the past names map of a FORM element. (CVE-2013-6641)
Google Chrome through 32.0.1700.23 on Android allows remote attackers to spoof the address bar via unspecified vectors. (CVE-2013-6642)
The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handling of the closing of an untrusted signin confirm dialog. (CVE-2013-6643)
Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors. (CVE-2013-6644)
Use-after-free vulnerability in the OnWindowRemovingFromRootWindow function in content/browser/web_contents/web_contents_view_aura.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving certain print-preview and tab-switch actions that interact with a speech input element. (CVE-2013-6645)
Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the shutting down of a worker process. (CVE-2013-6646)

affected-products-logoAffected Products

Google Chrome for Windows prior to version 32.0.1700.76.
Google Chrome for Mac and Linux prior to version 32.0.1700.77.

Impact logoImpact

Successful exploitation of these vulnerabilities can allow a remote attacker to compromise the system, conduct spoofing attack using affected version. Failed exploits may result in denial of service.

recomended-action-logoRecommended Actions

Please download and apply patches as instructed in http://googlechromereleases.blogspot.in/2014/01/stable-channel-update.html.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)