Info

Disclosure

Sep 25, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Sep 25, 2012

Description

Google Chrome contains a flaw in ui/app_modal_dialogs/app_modal_dialog.cc that is triggered during handling of extensions and modal dialogs. With a specially crafted Chrome extension, a context-dependent attacker can crash the browser and may potentially execute arbitrary code.

Classification

Location: Context Dependent
Attack Type: Denial of Service
Impact: Loss of Availability
Solution: Upgrade
Exploit: PoC Public
Disclosure: Vendor Verified, Coordinated Disclosure
OSVDB: Web Related

Solution

Upgrade to version 22.0.1229.79 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Google, Inc.

Chrome

21.0.1180.89

References

CVE ID: 2012-2877 (see also: NVD)
Secunia Advisory ID: 50759 50796 51030 51079
Bugtraq ID: 55676
Related OSVDB ID: 85749 85750 85751 85752 85753 85754 85755 85756 85757 85758 85759 85760 85761 85762 85763 85764 85765 85766 85767 85769 85770 85771 85775
Vendor Specific News/Changelog Entry: http://googlechromereleases.blogspot.dk/2012/09/stable-channel-update_25.html
http://lists.opensuse.org/opensuse-updates/2012-10/msg00066.html
http://www.gentoo.org/security/en/glsa/glsa-201210-07.xml
http://www.srware.net/forum/viewtopic.php?f=18&t=6287
Vendor Specific Advisory URL: https://code.google.com/p/chromium/issues/detail?id=137707

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/85768