WebKit contains a use-after-free error in the 'EventHandler::updateDragAndDrop' function [WebCore/page/EventHandler.cpp] that is triggered when performing drag and drop actions. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code.

It has been reported that this issue has been fixed. Upgrade to version 1.8.0, or higher, to address this vulnerability.

Upgrade to Google Chrome version 17.0.963.56 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• CVE ID: 2011-3023 (see also: NVD)
• Secunia Advisory ID: 48016 48059 48866
• Related OSVDB ID: 79283 79284 79285 79286 79287 79288 79289 79290 79292 79293 79294 79295
• Vendor Specific News/Changelog Entry: http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html
  http://security.gentoo.org/glsa/glsa-201202-01.xml
  http://www.srware.net/forum/viewtopic.php?f=18&t=3521
  https://bugs.webkit.org/show_bug.cgi?id=77569 [ Auth Req'd ]
• Vendor Specific Solution URL: http://trac.webkit.org/changeset/106488
• Vendor Specific Advisory URL: https://code.google.com/p/chromium/issues/detail?id=112259

• pa_kt