Google.Chrome.Multiple.Security.Vulnerabilities.2014-01
Description
Google Chrome is a Web browser for multiple platforms.
Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of the past names map of a FORM element. (CVE-2013-6641)
Google Chrome through 32.0.1700.23 on Android allows remote attackers to spoof the address bar via unspecified vectors. (CVE-2013-6642)
The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handling of the closing of an untrusted signin confirm dialog. (CVE-2013-6643)
Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors. (CVE-2013-6644)
Use-after-free vulnerability in the OnWindowRemovingFromRootWindow function in content/browser/web_contents/web_contents_view_aura.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving certain print-preview and tab-switch actions that interact with a speech input element. (CVE-2013-6645)
Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the shutting down of a worker process. (CVE-2013-6646)
Affected Products
Google Chrome for Windows prior to version 32.0.1700.76.
Google Chrome for Mac and Linux prior to version 32.0.1700.77.
Impact
Successful exploitation of these vulnerabilities can allow a remote attacker to compromise a system running an affected version or to conduct spoofing attacks. Failed exploits may result in denial of service.
Recommended Actions
Please download and apply patches as instructed in http://googlechromereleases.blogspot.in/2014/01/stable-channel-update.html.
Coverage
IPS (Regular DB)
IPS (Extended DB)