Multiple vulnerabilities in Google Chrome versions prior to 28.0.1500.95 for Windows, Linux, and Mac could allow an unauthenticated, remote attacker to bypass security restrictions, execute arbitrary code or cause a denial of service (DoS) condition on a targeted system.
The Google Chrome Stable Channel Release addresses the following vulnerabilities:
- Origin bypass in frame handling
- Type confusion in V8
- Use-after-free in MutationObserver
- Use-after-free in DOM
- Use-after-free in input handling
- Various fixes from internal audits, fuzzing and other initiatives
An unauthenticated, remote attacker could exploit these vulnerabilities by convincing a user to view a malicious web page designed to submit crafted data to the affected software. When the user visits the page, it could allow the attacker to bypass certain security restrictions, execute arbitrary code or cause a DoS condition on the targeted system.
To exploit the vulnerabilities, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link.
Administrators are advised to apply the appropriate updates.
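
To confirm which hosts still need the update, the following added example (not part of the original advisory) triages a software inventory against the fixed build 28.0.1500.95 using numeric, per-component version comparison. The host names, banner strings and function names are constructed for illustration.

```python
import re

# First fixed build named in the advisory; anything lower is affected.
FIXED = (28, 0, 1500, 95)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the four-part version found in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_affected(text):
    """True if the version is below FIXED, False if not, None if unparseable."""
    version = parse_version(text)
    if version is None:
        return None
    # Tuple comparison is numeric per component. A plain string comparison
    # would rank "28.0.1500.100" below "28.0.1500.95" and "9.x" above "28.x".
    return version < FIXED


# Constructed sample inventory: (host, reported version banner).
INVENTORY = [
    ("ws-001", "Google Chrome 28.0.1500.72"),
    ("ws-002", "Google Chrome 28.0.1500.95"),
    ("ws-003", "Google Chrome 28.0.1500.100"),  # constructed later build
    ("ws-004", "Google Chrome 9.0.597.107"),    # constructed old build
    ("ws-005", "version unknown"),
]


def triage(inventory):
    """Group hosts into affected, fixed and unknown (needs manual check)."""
    report = {"affected": [], "fixed": [], "unknown": []}
    for host, banner in inventory:
        state = is_affected(banner)
        key = "unknown" if state is None else ("affected" if state else "fixed")
        report[key].append(host)
    return report


if __name__ == "__main__":
    for status, hosts in triage(INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown should be checked manually rather than assumed to be patched.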
Users are advised not to open email messages from suspicious or unrecognized sources. If users cannot verify that links or attachments included in email messages are safe, they are advised not to open them.
Google has released a stable channel update at the following link: Stable Channel Release. Google has released updated software at the following link: Google Chrome 28.0.1500.95
FreeBSD has released a VuXML document at the following link: chromium -- multiple vulnerabilities. FreeBSD releases ports collection updates at the following link: Ports Collection Index.