CERT-In Advisory
CIAD-2014-0068
Multiple Vulnerabilities in Google Chrome
Original Issue Date: December 17, 2014
Severity Rating: High
Software Affected
- Google Chrome versions prior to version 39.0.2171.65
Overview
Multiple vulnerabilities have been reported in Google Chrome which could allow remote attackers to execute arbitrary code, cause denial of service, bypass access control restrictions and access sensitive information from the target system.
Description
1. Google Chrome Address Bar Spoofing Vulnerability (CVE-2014-7899)
An address bar spoofing vulnerability has been reported in Google Chrome. A remote attacker could exploit this vulnerability by convincing users to visit a specially crafted URL, created by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string. Successful exploitation of this vulnerability could allow remote attackers to launch URL spoofing, phishing and other spoofing attacks to gather users' sensitive information from a targeted system running a vulnerable version of Chrome.
2. Google Chrome PDFium Use-After-Free Remote Code Execution Vulnerability (CVE-2014-7900)
A remote code execution vulnerability has been reported in Google Chrome. It is caused by a use-after-free error in the CPDF_Parser::IsLinearizedFile function in fpdfapi/fpdf_parser/fpdf_parser_parser.cpp in PDFium, the open-source PDF rendering engine used by Chrome. A remote attacker could exploit this vulnerability by enticing users to open a specially crafted PDF document to execute arbitrary code on the affected system; failed attempts could cause denial-of-service conditions.
3. Google Chrome PDFium Integer Overflow Vulnerability (CVE-2014-7901)
An integer overflow error has been reported in the opj_t2_read_packet_data function in fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c in OpenJPEG, as bundled in PDFium. A remote attacker could exploit this vulnerability by supplying a specially crafted JPEG image containing a long segment. Successful exploitation of this vulnerability could allow remote attackers to execute arbitrary code; failed attempts could cause denial-of-service conditions on the affected system.
4. Google Chrome PDFium Use-After-Free Vulnerability (CVE-2014-7902)
This vulnerability is caused by a use-after-free error in PDFium. A remote attacker could exploit it by creating a specially crafted PDF document to execute arbitrary code; failed attempts could cause denial-of-service conditions.
5. Google Chrome PDFium Buffer Overflow Vulnerability (CVE-2014-7903)
This vulnerability is caused by improper bounds checking in OpenJPEG before r2911, as bundled in PDFium. Remote attackers could exploit it by enticing users to open a specially crafted JPEG image containing an extremely long argument, causing a buffer overflow and hence executing arbitrary code on the affected system; failed attempts could cause denial-of-service conditions.
6. Google Chrome Skia Buffer Overflow Vulnerability (CVE-2014-7904)
This vulnerability is caused by improper bounds checking in Skia, the 2D graphics library used in Google Chrome for drawing text, geometry and images. A remote attacker could exploit it by sending an extremely long argument, causing a buffer overflow, to execute arbitrary code on the targeted system or cause a denial-of-service condition.
7. Google Chrome Intents Unspecified Vulnerability (CVE-2014-7905)
This vulnerability is caused by an unspecified error in Google Chrome prior to version 39.0.2171.65 on Android, which fails to prevent navigation to a URL for which the CATEGORY_BROWSABLE intent is absent or unspecified. A remote attacker could exploit this vulnerability to bypass the intended access control restrictions via a specially crafted website.
8. Google Chrome Use-After-Free Vulnerability (CVE-2014-7906)
This vulnerability is caused by Pepper plugins in Google Chrome not preventing access to PepperMediaDeviceManager outside the lifetime of an object, resulting in a use-after-free error in the Pepper plugins. The Pepper plugin is the integration of Flash Player with Google Chrome. A remote attacker could exploit this vulnerability by creating specially crafted Flash content to execute arbitrary code; failed attempts could cause denial-of-service conditions on the affected system.
9. Google Chrome Blink Remote Code Execution Vulnerability (CVE-2014-7907)
This vulnerability is caused by improper handling of a detached frame in the lock and unlock methods of modules/screen_orientation/ScreenOrientationController.cpp in Blink, the web browser engine used in Google Chrome. A remote attacker could exploit this vulnerability via unknown vectors to execute arbitrary code; failed attempts could cause denial-of-service conditions.
10. Google Chrome Media Integer Overflow Vulnerability (CVE-2014-7908)
Multiple integer overflow errors exist in the CheckMov function in media/base/container_names.cc. A remote attacker could exploit this vulnerability by supplying large chunks of data in MPEG-4 or QuickTime .mov content to execute arbitrary code on the system; failed attempts could cause denial-of-service conditions.
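The defect class behind item 10 (an integer overflow while checking container chunk sizes), shown as an added illustration that is not CERT-In's text and not Chromium's CheckMov code: a minimal QuickTime/MP4 atom walker whose 32-bit "offset + size" bounds check wraps for a huge declared chunk size and so accepts an atom that runs far past the buffer, beside the hardened check that compares the size with the bytes remaining. The 16-byte sample file is constructed here.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Atom header: 4-byte big-endian size (header included), then a 4-byte type. */
static uint32_t rd32be(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Unsafe bounds check: 'off + size' is computed in 32 bits and wraps for a
 * huge declared size, so the atom passes although its payload lies far past
 * the end of 'buf'. Returns the payload length of the first atom of type
 * 'want', or -1 if an atom is rejected or the type is not found. */
int64_t find_atom_unsafe(const uint8_t *buf, uint32_t len, const char *want) {
    uint32_t off = 0;
    while (off + 8 <= len) {
        uint32_t size = rd32be(buf + off);
        if (size < 8) return -1;
        if (off + size > len) return -1;   /* BUG: the sum wraps around */
        if (memcmp(buf + off + 4, want, 4) == 0) return (int64_t)size - 8;
        off += size;                        /* may wrap as well */
    }
    return -1;
}

/* Hardened: compare the declared size with the bytes remaining after 'off';
 * there is no addition that can overflow. */
int64_t find_atom_safe(const uint8_t *buf, uint32_t len, const char *want) {
    uint32_t off = 0;
    while (len - off >= 8) {
        uint32_t size = rd32be(buf + off);
        if (size < 8 || size > len - off) return -1;
        if (memcmp(buf + off + 4, want, 4) == 0) return (int64_t)size - 8;
        off += size;
    }
    return -1;
}

/* Constructed sample: a valid 8-byte 'ftyp' atom followed by an 'mdat' header
 * whose declared size 0xFFFFFFFC is far larger than the 16-byte file. */
static const uint8_t sample[16] = { 0x00,0x00,0x00,0x08, 'f','t','y','p',
                                    0xFF,0xFF,0xFF,0xFC, 'm','d','a','t' };

int main(void) {
    printf("unsafe: %lld\n", (long long)find_atom_unsafe(sample, 16, "mdat"));
    printf("safe:   %lld\n", (long long)find_atom_safe(sample, 16, "mdat"));
    return 0;
}
```

The unsafe walker reports an 'mdat' payload of 4294967284 bytes inside a 16-byte buffer, which is exactly the out-of-range length a caller would then read; the hardened walker rejects the atom.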
11. Google Chrome Skia Information Disclosure Vulnerability (CVE-2014-7909)
This vulnerability is caused by the computation of a hash key from uninitialized integer values in effects/SkDashPathEffect.cpp in Skia. A remote attacker could exploit this vulnerability by rendering specially crafted data to gain access to sensitive information or cause a denial-of-service condition on the affected system.
12. Google Chrome Multiple Security Vulnerabilities (CVE-2014-7910)
Multiple unspecified vulnerabilities have been reported in Google Chrome which could allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.
Solution
Apply the appropriate fix/patch as mentioned by the vendor
http://googlechromereleases.blogspot.in/2014/11/stable-channel-update_18.html
Vendor Information
Google Chrome
http://googlechromereleases.blogspot.in/2014/11/stable-channel-update_18.html
References
SecurityFocus
http://www.securityfocus.com/bid/71158
http://www.securityfocus.com/bid/71165
http://www.securityfocus.com/bid/71164
http://www.securityfocus.com/bid/71166
http://www.securityfocus.com/bid/71162
http://www.securityfocus.com/bid/71159
http://www.securityfocus.com/bid/71160
http://www.securityfocus.com/bid/71163
http://www.securityfocus.com/bid/71170
http://www.securityfocus.com/bid/71168
http://www.securityfocus.com/bid/71167
http://www.securityfocus.com/bid/71161
XForce
http://xforce.iss.net/xforce/xfdb/98787
http://xforce.iss.net/xforce/xfdb/98788
http://xforce.iss.net/xforce/xfdb/98789
http://xforce.iss.net/xforce/xfdb/98790
http://xforce.iss.net/xforce/xfdb/98791
http://xforce.iss.net/xforce/xfdb/98792
http://xforce.iss.net/xforce/xfdb/98793
http://xforce.iss.net/xforce/xfdb/98794
http://xforce.iss.net/xforce/xfdb/98795
http://xforce.iss.net/xforce/xfdb/98796
http://xforce.iss.net/xforce/xfdb/98797
http://xforce.iss.net/xforce/xfdb/98798
Security Tracker
http://www.securitytracker.com/id/1031241
CVE Name
CVE-2014-7899
CVE-2014-7900
CVE-2014-7901
CVE-2014-7902
CVE-2014-7903
CVE-2014-7904
CVE-2014-7905
CVE-2014-7906
CVE-2014-7907
CVE-2014-7908
CVE-2014-7909
CVE-2014-7910
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in
Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road, New Delhi - 110 003
India