OSVDB ID: 70103

Title: Google Chrome browser/extensions/theme_installed_infobar_delegate.cc ThemeInstalledInfoBarDelegate::Observe Function Extension Tab Interaction Memory Corruption

Info

Disclosure

Oct 26, 2010

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Dec 13, 2010

Description

Google Chrome contains a flaw that is triggered as the 'ThemeInstalledInfoBarDelegate::Observe' function [browser/extensions/theme_installed_infobar_delegate.cc] fails to properly handle incorrect tab interaction by an extension. With a specially crafted Chrome extension (CRX) file, a context-dependent attacker can corrupt memory to cause a denial of service or potentially execute arbitrary code.

Classification

Location: Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Public
Disclosure: Vendor Verified, Coordinated Disclosure
OSVDB: Web Related

Solution

Upgrade to version 8.0.552.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Google, Inc.

Chrome

8.0.552.11

References

OVAL ID: 14427
CVE ID: 2010-4575 (see also: NVD)
Secunia Advisory ID: 42605 42648
Bugtraq ID: 45390
Vendor Specific News/Changelog Entry: http://code.google.com/p/chromium/issues/detail?id=60761
http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html
http://src.chromium.org/viewvc/chrome?view=rev&revision=68112
Vendor Specific Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-201012-01.xml

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/70103