Google Chrome Buffer Overflow Vulnerability Network Vulnerability

Summary

The host is installed with Google Chrome and is prone to Buffer Overflow vulnerability.

Impact

Successful exploitation will let the attacker run arbitrary codes with the privilege of logged on user or can craft a special images or canvas to execute arbitrary code inside the sandboxed renderer (tab) process and cause a tab to crash. Impact level: Application

Solution

Upgrade to version 1.0.154.64 http://www.google.com/chrome

Insight

These flaws are due to, - a boundary error in nitSkBitmapFromData() function while processing vectors related to large bitmap that arrives over the IPC channel. - a failure while validating the result of integer multiplication when computing image sizes.

Affected

Google Chrome versions prior to 1.0.154.64, version 2.0.159.0 and prior.

References

http://code.google.com/p/chromium/issues/detail?id=10869
http://googlechromereleases.blogspot.com/2009/05/stable-update-security-fix.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-1441, CVE-2009-1442
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Reader Multimeda Doc.media.newPlayer Code Execution Vulnerability (Linux)
DesignWorks Professional '.cct' File BOF Vulnerability
BigAnt IM Server HTTP GET Request Buffer Overflow Vulnerability
Adobe Flash Player Buffer Overflow Vulnerability (Mac OS X)
Adobe Reader 'Plug-in' Buffer Overflow Vulnerability (Mac OS X)

Take action and discover your vulnerabilities