Google Chrome versions prior to 23.0.1271.64 for Mac, Windows, and Linux contain multiple vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on a targeted system.
This update addresses 13 vulnerabilities. These vulnerabilities are due to four out-of-bounds memory read errors, four use-after-free errors, inappropriate loading of an SVG subresource in the img context, memory corruption errors in texture handling, and a race condition in Pepper buffer handling. A bad write in the V8 component of the affected software and a bad cast in input handling were also addressed with the software update.
The affected components include Skia, GPU command buffers, and Pepper plug-ins.
An unauthenticated, remote attacker could exploit these vulnerabilities by convincing a user to view a malicious web page that contains crafted data. A successful exploit could allow the attacker to execute arbitrary code on the system with the privileges of the user or cause a DoS condition on the system.
Administrators are advised to apply the appropriate updates.
Users should verify that unsolicited links are safe to follow.
Google has released a security update at the following link: Chrome Stable Update.
Google has released updated software at the following link: Google Chrome 23.0.1271.64.
FreeBSD has released a VuXML document at the following link: chromium -- multiple vulnerabilities.
FreeBSD releases ports collection updates at the following link: Ports Collection Index.