=====================================================================
                            CERT-Renater

                 Information Note No. 2009/VULN236
_____________________________________________________________________

DATE                 : 11/06/2009

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Google Chrome versions prior to
                       2.0.172.31.

======================================================================
http://googlechromereleases.blogspot.com/2009/06/stable-update-2-webkit-security-fixes.html
______________________________________________________________________

Stable update: 2 WebKit security fixes
Tuesday, June 9, 2009 | 12:47
Labels: Stable updates

Google Chrome's Stable channel has been updated to version 2.0.172.31 to
fix two security issues in WebKit.

CVE-2009-1690 Memory corruption

A memory corruption issue exists in WebKit's handling of recursion in
certain DOM event handlers. Visiting a maliciously crafted website may
lead to a tab crash or arbitrary code execution in the Google Chrome
sandbox. This update addresses the issue through improved memory
management.

Severity: High. An attacker might be able to run arbitrary code within
the Google Chrome sandbox.

Mitigations:

  * A victim would need to visit a page under an attacker's control.
  * Any code that an attacker might be able to run inside the renderer
    process would be inside the sandbox.

CVE-2009-1718 Drag and drop information leak

An issue exists in WebKit's handling of drag events. This may lead to
the disclosure of sensitive information when content is dragged over a
maliciously crafted web page. This update addresses the issue through
improved handling of drag events.

Severity: Medium. An attacker might be able to read data belonging to
another web site, if a user can be convinced to select and drag data on
an attacker-controlled site.

Mark Larson
Google Chrome Program Manager

======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================