Google Chrome contains a flaw in the IPC channel handling as the identity of a listener process is not validated. This allows an unprivileged listener process to connect to a pipe started by the browser process and escalate privileges, e.g. allowing the GPU process to impersonate a special class of renderer with elevated privileges.

Upgrade to version 18.0.1025.168 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Security Tracker: 1027001
• OVAL ID: 14964
• CVE ID: 2011-3079 (see also: NVD)
• Secunia Advisory ID: 48992 49175
• Related OSVDB ID: 81643 81644 81646 81647
• Other Advisory URL: http://blog.chromium.org/2012/05/tale-of-two-pwnies-part-1.html
• Vendor Specific News/Changelog Entry: http://code.google.com/p/chromium/issues/detail?id=117627
  http://googlechromereleases.blogspot.com/2012/04/stable-channel-update_30.html
  https://hermes.opensuse.org/messages/14565591

• PinkiePie aka PwniePie