Multiple vulnerabilities in Google Chrome versions prior to 31.0.1650.63 for Windows, Linux, and Mac could allow an unauthenticated, remote attacker to conduct spoofing attacks or session fixation attacks, execute arbitrary code, or cause a denial of service (DoS) condition on a targeted system.
The Google Chrome Stable Channel Release addresses the following vulnerabilities:
- Session fixation in sync related to 302 redirects
- Address bar spoofing related to modal dialogs
- Use-after-free in editing
- Buffer overflow in v8
- Out of bounds read and write in v8
- Various fixes from internal audits, fuzzing, and other initiatives
An unauthenticated, remote attacker could exploit these vulnerabilities by convincing a user to view a malicious web page that contains crafted data. Successful exploitation could allow the attacker to spoof the address bar, conduct session hijacking, execute arbitrary code, or cause a DoS condition on the system.
To exploit the vulnerabilities, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link.
Administrators are advised to apply the appropriate updates.
Users are advised not to open email messages from suspicious or unrecognized sources. If users cannot verify that links or attachments included in email messages are safe, they are advised not to open them.
Google has released a stable channel update at the following link: Stable Channel Release
. Google has released updated software at the following link: Google Chrome 31.0.1650.63 or later
FreeBSD has released a VuXML document at the following link: chromium -- multiple vulnerabilities
. FreeBSD releases ports collection updates at the following link: Ports Collection Index