Google Chrome contains a use-after-free error in the Safe Browsing feature as the current NavigationEntry is deleted when leaving an interstitial page. The issue is triggered when e.g. reloading a web page that displays the malware blocking page. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code.

Upgrade to version 16.0.912.75 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Security Tracker: 1026487
• CVE ID: 2011-3925 (see also: NVD)
• SCIP VulDB ID: 4575
• Secunia Advisory ID: 47449 47694 47717
• Related OSVDB ID: 78544 78545 78546 78547
• Vendor Specific News/Changelog Entry: http://code.google.com/p/chromium/issues/detail?id=107182
  http://googlechromereleases.blogspot.com/2012/01/stable-channel-update_23.html
  http://security.gentoo.org/glsa/glsa-201201-17.xml

• Chamal De Silva