Google Chrome < 24.0.1312.52 Multiple Vulnerabilities

Versions of Google Chrome earlier than 24.0.1312.52 are potentially affected by the following vulnerabilities :

• Use-after-free errors exist related to SVG layout, DOM handling, video seeking, PDF fields and printing. (CVE-2012-5145, CVE-2012-5147, CVE-2012-5150, CVE-2012-5156, CVE-2013-0832)

• An error related to malformed URLs can allow a Same Origin Policy (SOP) bypass, thereby allowing cross-site scripting attacks. (CVE-2012-5146)

• A user-input validation error exists related to filenames and hyphenation support. (CVE-2012-5148)

• Integer overflow errors exist related to audio IPC handling, PDF JavaScript and shared memory allocation. (CVE-2012-5149, CVE-2012-5151, CVE-2012-5154)

• Out-of-bounds read errors exist related to video seeking, PDF image handling, printing and glyph handling. (CVE-2012-5152, CVE-2012-5157, CVE-2012-0833, CVE-2012-0834)

• An out-of-bounds stack access error exists in the v8 JavaScript engine. (CVE-2012-5153)

• A casting error exists related to PDF ‘root’ handling. (CVE-2013-0828)

• An unspecified error exists that can corrupt database metadata leading to incorrect file access. (CVE-2013-0829)

• An error exists related to IPC and ‘NUL’ termination. (CVE-2013-0830)

• An error exists related to extensions that may allow improper path traversals. (CVE-2013-0831)

• An unspecified error exists related to geolocation. (CVE-2013-0835)

• An unspecified error exists related to garbage collection in the v8 JavaScript engine. (CVE-2013-0836)

• An unspecified error exists related to extension tab handling. (CVE-2013-0837)

• The bundled version of Adobe Flash Player contains flaws that can lead to arbitrary code execution. (CVE-2013-0630)
  Successful exploitation of some of these issues could lead to an application crash or even allow arbitrary code execution, subject to the user’s privileges.