MA-212.012010: MyCERT Alert - Google Chrome Multiple Critical Vulnerabilities

Date published: 2010-01-26

1.0 Introduction

Multiple critical vulnerabilities have been identified in Google Chrome versions prior to 4.0.249.78.

Essentially, an attacker can trick users into clicking on a URL, which has been sent via e-mail, and this will direct the users to a specially crafted web page containing the exploit.

2.0 Impact

By exploiting this vulnerability, an attacker can bypass restrictions, gain knowledge of sensitive information, cause a denial of service, or compromise a vulnerable system.

3.0 Affected Products

• Google Chrome versions prior to 4.0.249.78

4.0 Recommendation

Users are recommended to upgrade to Google Chrome 4.0.249.78. The latest version of Google Chrome can be downloaded from this URL:

• http://www.google.com/chrome 

5.0 References

• http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html
• http://secunia.com/advisories/37769/
• http://www.securityfocus.com/bid/37948/
• http://www.vupen.com/english/advisories/2010/0217