Google Chrome up to 19.0.1084.57 on Linux 64-bit XML libxml buffer overflow

VulDB: Google Chrome up to 19.0.1084.57 on Linux 64-bit XML libxml buffer overflow

General

Google

scipID: 5611
Affected: Google Chrome up to 19.0.1084.57
Published: 06/26/2012 (Jüri Aedla)
Risk: critical
Entry: 91.2% complete
Created: 06/27/2012
Updated: 09/03/2012

Summary

A vulnerability classified as critical was found in Google Chrome up to 19.0.1084.57 (Linux 64-bit). Affected by this vulnerability is an unknown function in the library libxml of the component XML. The manipulation with an unknown input leads to a buffer overflow vulnerability. As an impact it is known to affect confidentiality, integrity, and availability.

The weakness was released 06/26/2012 by Jüri Aedla as 129930. The advisory is shared for download at code.google.com. The public release was coordinated with Google. This vulnerability is known as CVE-2012-2807 since 05/19/2012. The attack can be launched remotely. The exploitation doesn’t need any form of authentication. Technical details of the vulnerability are known, but there is no available exploit.

Upgrading to version 20.0.1132.43 eliminates this vulnerability. The upgrade is hosted for download at google.com. The problem might be mitigated by replacing the product with Mozilla Firefox, Microsoft Internet Explorer, Opera as an alternative. The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation has been published immediately after the disclosure of the vulnerability. The vulnerability is also documented in the vulnerability database at OSVDB (83266). Additional details are provided at googlechromereleases.blogspot.de.