Google Chrome < 22.0.1229.79 Multiple Vulnerabilities

Versions of Google Chrome earlier than 22.0.1229.79 are potentially affected by the following vulnerabilities :

• Out-of-bounds write errors exist related to Skia and the PDF viewer. (CVE-2012-2874, CVE-2012-2883, CVE-2012-2895)

• Various, unspecified errors exist related to the PDF viewer. (CVE-2012-2875)

• A buffer overflow error exists related to ‘SSE2’ optimizations. (CVE-2012-2876)

• An unspecified error exists related to extensions and modal dialogs that can allow application crashes. (CVE-2012-2877)

• Use-after-free errors exist related to plugin handling, ‘onclick’ handling, ‘SVG’ text references and the PDF viewer. (CVE-2012-2878, CVE-2012-2887, CVE-2012-2888, CVE-2012-2890)

• An error exists related to ‘DOM’ topology corruption. (CVE-2012-2879)

• Race conditions exist in the plugin paint buffer. (CVE-2012-2880)

• ‘DOM’ tree corruption can occur with plugins. (CVE-2012-2881)

• A pointer error exists related to ‘OGG’ container handling. (CVE-2012-2882)- An out-of-bounds read error exists related to Skia. (CVE-2012-2884)

• The possibility of a double-free error exists related to application exit. (CVE-2012-2885)

• Universal cross-site scripting issues exist related to the v8 JavaScript engine bindings and frame handling. (CVE-2012-2886, CVE-2012-2889)

• Address information can be leaked via inter process communication (IPC). (CVE-2012-2891)

• A bypass error exists related to pop-up block. (CVE-2012-2892)

• A double-free error exists related to ‘XSL’ transforms. (CVE-2012-2893)

• An error exists related to graphics context handling. (CVE-2012-2894)

• An integer overflow error exists related to ‘WebGL’. (CVE-2012-2896)
  Successful exploitation of any of these issues could lead to an application crash or even allow arbitrary code execution, subject to the user’s privileges.