Multiple vulnerabilities in Google Chrome versions prior to 33.0.1750.146 for Windows, Linux, and Mac could allow an unauthenticated, remote attacker to access sensitive information, bypass security restrictions, execute arbitrary code, or cause a denial of service (DoS) condition on a targeted system.
The Google Chrome Stable Channel Release addresses the following vulnerabilities:
- Use-after-free conditions in SVG images and speech recognition
- Heap buffer overflow condition in software rendering
- Multiple vulnerabilities in V8
- Allow requests in Flash header request
- Other vulnerabilities identified through internal company audits
An unauthenticated, remote attacker could exploit these vulnerabilities by persuading a user to view a malicious web page designed to submit crafted data to the affected software. When the user visits the page, the attacker could access sensitive information, bypass security restrictions, execute arbitrary code, or cause a DoS condition on a targeted system.
To exploit the vulnerabilities, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link.
Administrators are advised to apply the appropriate updates.
Users are advised not to open email messages from suspicious or unrecognized sources. If users cannot verify that links or attachments included in email messages are safe, they are advised not to open them.
Google has released a stable channel update at the following link: Stable Channel Update.
Google has released updated software at the following link: Google Chrome 33.0.1750.146 or later
FreeBSD has released a VuXML document at the following link: chromium -- multiple vulnerabilities. FreeBSD has released ports collection updates at the following link: Ports Collection Index