[ga] More of Google's Chrome security and other bugs
- To: Ga <ga@xxxxxxxxxxxxxx>, ICANN SSAC <ssac@xxxxxxxxx>
- Subject: [ga] More of Google's Chrome security and other bugs
- From: "Jeffrey A. Williams" <jwkckid1@xxxxxxxxxxxxx>
- Date: Wed, 10 Sep 2008 18:45:44 -0700
All,
Seems very clear that "Chrome" is at this time a very dangerous
browser and it would be wise to avoid normal use until or unless
some if not all of these problems have been addressed by
Google.
See:

08.37.23 - Google Chrome Malformed "href" Tag Remote Denial of Service
08.37.23 CVE: Not Available
Platform: Cross Platform
Title: Google Chrome Malformed "href" Tag Remote Denial of Service
Description: Google Chrome is a web browser. The application is
exposed to a remote denial of service issue because the application
fails to handle specially-crafted HTML "href" tags. Google Chrome
version 0.2.149.27 is affected.
Ref: http://www.securityfocus.com/bid/31034

08.37.24 - Google Chrome Malformed "view-source" HTTP Header Remote
Denial of Service
08.37.24 CVE: Not Available
Platform: Cross Platform
Title: Google Chrome Malformed "view-source" HTTP Header Remote Denial
of Service
Description: Google Chrome is a web browser. The application is
exposed to a remote denial of service issue because it fails to handle
specially-crafted HTTP "view-source" headers. Google Chrome version
0.2.149.27 is affected.
Ref: http://www.securityfocus.com/archive/1/496031

08.37.25 - Google Chrome Inspect Element Remote Denial of Service
08.37.25 CVE: Not Available
Platform: Cross Platform
Title: Google Chrome Inspect Element Remote Denial of Service
Description: Google Chrome is a web browser. The application is
exposed to a remote denial of service issue because it fails to handle
specially-crafted HTML "img" tags. An attacker can trigger this issue
by enticing an unsuspecting user into visiting a malicious web page
with an "img" link containing excessive data in the "src" field.
Google Chrome version 0.2.149.27 is affected.
Ref: http://www.securityfocus.com/bid/31038

08.37.32 - Google Chrome Arbitrary File Download
08.37.32 CVE: Not Available
Platform: Cross Platform
Title: Google Chrome Arbitrary File Download
Description: Google Chrome is a web browser. Google Chrome is exposed
to a security issue because the application allows users to download
arbitrary files without confirmation. This issue may allow attackers
to perform social engineering or other attacks to trick users into
downloading a malicious file.
Ref: http://www.securityfocus.com/archive/1/496049

08.37.36 - Google Chrome "SaveAs" Function "Title" Tag Buffer Overflow
08.37.36 CVE: Not Available
Platform: Cross Platform
Title: Google Chrome "SaveAs" Function "Title" Tag Buffer Overflow
Description: Google Chrome is a web browser. The application is
exposed to a buffer overflow issue because it fails to perform
adequate boundary-checks on user-supplied data. An attacker must
trick an unsuspecting user into saving a malicious web page containing
overly long strings in the "title" tag with the browser's "SaveAs"
function. Google Chrome version 0.2.149.27 is affected.
Ref: http://www.securityfocus.com/archive/1/496042

08.37.37 - Google Chrome Malformed Attachment Filename Remote Denial of
Service
08.37.37 CVE: Not Available
Platform: Cross Platform
Title: Google Chrome Malformed Attachment Filename Remote Denial of
Service
Description: Google Chrome is a web browser. The application is
exposed to a remote denial of service issue because the application
fails to perform adequate boundary checks on the "filename" attribute
of "Content-Disposition: attachment" HTTP headers. Google Chrome
version 0.2.149.27 is affected.
Ref: http://www.securityfocus.com/bid/31031

08.37.42 - Google Chrome Malformed "title" Tag Remote Denial of Service
08.37.42 CVE: Not Available
Platform: Cross Platform
Title: Google Chrome Malformed "title" Tag Remote Denial of Service
Description: Google Chrome is a web browser. The application is
exposed to a remote denial of service issue because it fails to handle
specially-crafted HTML "title" tags. An attacker can trigger this
issue by enticing an unsuspecting user into visiting a malicious web
page with an overly long "title". Google Chrome version 0.2.149.27 is
affected.
Ref: http://www.securityfocus.com/archive/1/496078

08.37.45 CVE: Not Available
Platform: Cross Platform
Title: Google Chrome "url_elider.cc" Buffer Overflow
Description: Google Chrome is a web browser. The application is
exposed to a buffer overflow issue because it fails to perform
adequate boundary checks on user-supplied data. This issue resides in
the "url_elider.cc" source file. Google Chrome version 0.2.149.27 is
affected.
Ref: http://codereview.chromium.org/259/patch/1/2

Regards,
Spokesman for INEGroup LLA. - (Over 281k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
Abraham Lincoln
"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt
"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947])
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
div. of Information Network Eng. INEG. INC.
ABA member in good standing member ID 01257402 E-Mail
jwkckid1@xxxxxxxxxxxxx
My Phone: 214-244-4827