Vulnerabilities have been discovered in Google Chrome that could allow remote code execution or cause denial-of-service conditions. Google Chrome is a web browser used to access the Internet. These vulnerabilities can be exploited if a user visits, or is redirected to, a specially crafted web page. Successful exploitation of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Google Chrome Prior to 31.0.1650.57
- Google Chrome on Android Devices Prior to 31.0.1650.59
Vulnerabilities have been discovered in Google Chrome. Details of the vulnerabilities are as follows:
Successful exploitation could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploit attempts will likely cause denial-of-service conditions.
- Update vulnerable Google Chrome products immediately after appropriate testing.
- Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
- Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
- Remind users not to open email attachments from unknown users or suspicious emails from trusted sources.
http://googlechromereleases.blogspot.com/2013/11/stable-channel-update_14.html
HP:
http://www.hppwn2own.com/chrome-nexus-4-samsung-galaxy-s4-falls/
CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6632
Security Focus:
http://www.securityfocus.com/bid/63729