Google Chrome up to 19.0.1084.57 PDF JS API buffer overflow

VulDB: Google Chrome up to 19.0.1084.57 PDF JS API buffer overflow

General

Google

scipID: 5608
Affected: Google Chrome up to 19.0.1084.57
Published: 06/26/2012 (Mateusz Jurczyk)
Risk: critical
Entry: 90.3% complete
Created: 06/27/2012
Updated: 09/03/2012

Summary

A vulnerability has been found in Google Chrome up to 19.0.1084.57 and classified as critical. This vulnerability affects an unknown function of the component PDF JS API. The manipulation with an unknown input leads to a buffer overflow vulnerability. As an impact it is known to affect confidentiality, integrity, and availability.

The weakness was presented 06/26/2012 by Mateusz Jurczyk with Google Security Team as 132156. The advisory is shared for download at code.google.com. The public release was coordinated in cooperation with the vendor. This vulnerability was named CVE-2012-2833 since 05/19/2012. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. There are neither technical details nor an exploit publicly available.

Upgrading to version 20.0.1132.43 eliminates this vulnerability. The upgrade is hosted for download at google.com. The problem might be mitigated by replacing the product with Mozilla Firefox, Microsoft Internet Explorer, Opera as an alternative. The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation has been published immediately after the disclosure of the vulnerability. The vulnerability is also documented in the vulnerability database at OSVDB (83249). Additional details are provided at googlechromereleases.blogspot.de.