Google Chrome Two Vulnerabilities
Secunia Advisory: SA37273
Release Date: 2009-11-06
Critical: Moderately critical
Impact:
Exposure of system information
Exposure of sensitive information
System access
Where: From remote
Solution Status: Vendor Patch
Software: Google Chrome 3.x
Some vulnerabilities have been reported in Google Chrome, which potentially can be exploited by malicious people to disclose sensitive information or compromise a user's system.
1) The browser fails to display a warning when a user downloads and opens e.g. SVG, MHT, or XML files. This can be exploited to potentially execute arbitrary JavaScript code in a local context and e.g. disclose the content of local files via a specially crafted web page.
2) An error in the Gears SQL API implementation can be exploited to put SQL metadata into a bad state and cause a memory corruption.
Successful exploitation of this vulnerability may allow execution of arbitrary code, but requires that the user allows the interaction of a malicious website with the Gears plugin.
The vulnerabilities are reported in versions prior to 3.0.195.32.
Solution: Update to version 3.0.195.32.
http://secunia.com/advisories/37273/