PROBLEM:
Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code.
PLATFORM:
Google Chrome prior to 14.0.835.202
ABSTRACT:
A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
reference LINKS:
Google Chrome Annoncements and Releases
SecurityTracker Alert ID: 1026137
IMPACT ASSESSMENT:
High
Discussion:
Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. The code will run with the privileges of the target user.
A use-after-free can occur in text line box handling [CVE-2011-2876].
An SVG text handling font processing flaw exists [CVE-2011-2877].
A cross-origin access control flaw exists [CVE-2011-2878].
Lifetime and threading issues exist in audio node handling [CVE-2011-2879].
A use-after-free can occur in the v8 bindings [CVE-2011-2880].
Specially crafted v8 hidden objects can trigger memory corruption [CVE-2011-2881].
A memory corruption flaw exists in the shader translator [CVE-2011-3873].
Impact:
A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:
The vendor has issued a fix (14.0.835.202)..
Updating Google Chrome