=====================================================================
                                   CERT-Renater

                        Information Note No. 2009/VULN401
_____________________________________________________________________

DATE                      : 01/10/2009

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Google Chrome.

======================================================================
http://googlechromereleases.blogspot.com/2009/09/stable-channel-update_30.html
______________________________________________________________________

Stable Channel Update

Wednesday, September 30, 2009 | 14:01

3.0.195.24 has been promoted to the stable channel. There are no
additional fixes or changes in this release.

Security Fixes:

CVE-2009-0689 dtoa() error parsing long floating point numbers

The v8 engine uses a common dtoa() implementation to parse strings into
floating point numbers. We have applied a patch to fix a recent bug in
this component.

Severity: High. An attacker might be able to run arbitrary code within
the Google Chrome sandbox.

Credit: Original discovery by Maksymilian Arciemowicz of SecurityReason.
The Google Chrome security team determined that Chrome was affected.

Mitigations:

    * A victim would need to visit a page under an attacker's control.
    * Any code that an attacker might be able to run inside the renderer
      process would be inside the sandbox.

======================================================================

          =========================================================
          CERT-Renater reference servers
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================

