=====================================================================
                             CERT-Renater

                  Information Note No. 2009/VULN446
_____________________________________________________________________

DATE                      : 06/11/2009

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Google Chrome Stable Channel
                            version prior to 3.0.195.32.

======================================================================
http://googlechromereleases.blogspot.com/2009/11/stable-channel-update.html
______________________________________________________________________

Stable Channel Update
Thursday, November 5, 2009 | 13:18
Labels: Stable updates

The stable channel has been updated to 3.0.195.32, and includes the
following security and stability fixes:

  * Resolved a history issue that affected going back from queries in
    Google Maps. (Issue: 21353)
  * Fixed issue with Adobe Acrobat Reader 9.2, where no content would
    be displayed. (Issue: 24883)
  * Fixed an infinite loop in AAC decoding. (Webkit Issue: 27239)
  * Fixed a top crasher. (Issue: 22205)
  * Fix issues where setInterval sometimes eats 100% CPU.
    (Issue: 25892)

Security Fixes:

CVE-2009-XXXX User not warned for some file types that can execute
JavaScript

The user was not warned about certain possibly dangerous file types
such as SVG, MHT and XML files. In some browsers, JavaScript can
execute within these types of files. Because the JavaScript runs in
the local context, it may be able to access local resources.

More info: http://code.google.com/p/chromium/issues/detail?id=23979
(This issue will be made public once a majority of users are up to
date with the fix.)

Severity: Medium

Credit: Inferno of SecureThoughts.com

Mitigations:

  * A victim would need to visit a page under an attacker's control.
  * The victim would furthermore need to open a malicious file.

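Added example (not part of the Chrome release notes or of the CERT-Renater note): a triage check a defender could run over downloaded SVG, XML and MHT files, the types named in the first security fix above, to list the script-capable constructs each file contains. The function names and finding labels are assumptions made for this illustration, and matching attributes that start with "on" is a heuristic.

```python
import email
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

def element_findings(tag, attrs):
    """Heuristic: flag <script>, on* event handlers and javascript: links."""
    out = ["script-element"] if tag == "script" else []
    for name, value in attrs:
        local = name.rsplit("}", 1)[-1].lower()  # drop a {namespace} prefix
        if local.startswith("on"):
            out.append(f"{tag}@{local}")
        elif local == "href" and (value or "").strip().lower().startswith("javascript:"):
            out.append(f"{tag}@href=javascript:")
    return out

def scan_xml(data):
    if b"<!ENTITY" in data:  # never expand entities from an untrusted file
        return ["entity-declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["unparseable-xml"]
    found = []
    for el in root.iter():
        tag = el.tag.rsplit("}", 1)[-1].lower()
        found += element_findings(tag, el.attrib.items())
    return found

class HtmlScan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.found = []
    def handle_starttag(self, tag, attrs):
        self.found += element_findings(tag, attrs)

def scan_mht(data):
    found = []
    for part in email.message_from_bytes(data).walk():  # MHT is a MIME archive
        if part.get_content_type() in ("text/html", "image/svg+xml"):
            scanner = HtmlScan()  # one parser per part so state cannot leak across parts
            scanner.feed((part.get_payload(decode=True) or b"").decode("utf-8", "replace"))
            found += scanner.found
    return found

def script_indicators(filename, data):
    """List script-capable constructs in a downloaded SVG, XML or MHT file."""
    name = filename.lower()
    if name.endswith((".mht", ".mhtml")):
        return scan_mht(data)
    return scan_xml(data) if name.endswith((".svg", ".xml")) else []
```

An empty list means none of these constructs were found; any other result is a reason to open the file in a viewer that does not execute script.
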
CVE-2009-XXXX Possible memory corruption in the Gears plugin

A malicious site could use the Gears SQL API to put SQL metadata into
a bad state, which could cause a subsequent memory corruption. This
may lead to a Gears plugin crash or possibly arbitrary code execution.

More info: http://code.google.com/p/chromium/issues/detail?id=26179
(This issue will be made public once a majority of users are up to
date with the fix.)

Severity: High

Credit: This issue was found by the Google Chrome security team.

Mitigations:

  * A victim would need to visit a page under an attacker's control.
  * The victim would furthermore need to "click-through" the Gears
    dialog confirming that they trust the attacker's evil page.

Anthony Laforge
Google Chrome Program Manager

======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER          |  tel : 01-53-94-20-44         +
+ 151 bd de l'Hopital   |  fax : 01-53-94-20-41         +
+ 75013 Paris           |  email: certsvp@renater.fr    +
=========================================================