Google Chrome < 23.0.1271.64 Multiple Vulnerabilities

Versions of Google Chrome earlier than 23.0.1271.64 are potentially affected by the following vulnerabilities :

• Use-after-free errors exist related to SVG filter handling, video layout, extension tab handling and plug-in placeholder handling. (CVE-2012-5116, CVE-2012-5121, CVE-2012-5125, CVE-2012-5126)

• An error exists related to inappropriate SVG subresource loading in the ‘img’ context. (CVE-2012-5117)

• A race condition exists related to ‘Pepper’ buffer handling. (CVE-2012-5119)

• A bad cast error exists related to input handling. (CVE-2012-5122)

• Out-of-bounds reads exist related to Skia. (CVE-2012-5123)

• A memory corruption error exists related to texture handling. (CVE-2012-5124)

• An integer overflow error exists related to ‘WebP’ handling. This error can lead to out-of-bounds reads. (CVE-2012-5127)

• An improper write error exists related to the ‘v8’ JavaScript engine. (CVE-2012-5128)

Successful exploitation of any of these issues could lead to an application crash or even allow arbitrary code execution, subject to the user’s privileges.