Google Chrome releases v33.0.1750.146 to fix multiple bugs that let remote users execute arbitrary code

Google Chrome versions prior to 33.0.1750.146 have exactly 19 security issues and, as per Security Tracker, six of these issues are major and may cause your computer to become a target of remote attack.
The flaws/vulnerabilities were reported by Atte Kettunen of OUSPG, Khalil Zhani, cloudfuzzer, and netfuzzerr. On Monday, Google came out with an updated version, 33.0.1750.146, which addresses all 19 bugs.

If you are running Chrome on Windows, Linux or Mac OS X, you are requested to update to the latest Chrome version, as all the old versions can let remote users execute arbitrary code. In layman's terms, a hacker/attacker can create a malicious app or tool which, when loaded on the target computer, will make that computer a ‘zombie’ computer. The hacker can run the affected computer with full administrator privileges and use it to conduct DoS or DDoS attacks, as well as leak private user information to the potential hacker.

The vulnerabilities are listed below:

CVE-2013-6663: This flaw was reported by Atte Kettunen and is marked as High on the severity index by Google. A use-after-free may occur in SVG images.

CVE-2013-6664: This flaw was reported by Khalil Zhani and is marked as High on the severity index by Google. A use-after-free may occur in speech recognition.

CVE-2013-6665: This flaw was reported by cloudfuzzer and is marked as High on the severity index by Google. A heap overflow may occur in software rendering.

CVE-2013-6666: This flaw was reported by cloudfuzzer and is marked as Medium on the severity index by Google. Requests may be included in a flash header request.

CVE-2013-6667: Various fixes from internal audits, fuzzing and other initiatives.

CVE-2013-6668: Multiple vulnerabilities in V8 fixed in version 3.24.35.10.

The definition of use-after-free, or dangling pointer, is as follows:
The use of previously-freed memory can have any number of adverse consequences, ranging from the corruption of valid data to the execution of arbitrary code, depending on the instantiation and timing of the flaw. The simplest way data corruption may occur involves the system’s reuse of the freed memory. Use-after-free errors have two common and sometimes overlapping causes:

1. Error conditions and other exceptional circumstances.

2. Confusion over which part of the program is responsible for freeing the memory.
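
The two causes listed above, shown as a defensive C pattern. This is an added example, not code from Chrome or from the original article; `buf_t` and the `buf_*` functions are hypothetical names, and the rule that empty input fails validation is constructed for the demonstration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical buffer type; every name in this example is illustrative. */
typedef struct { char *data; size_t len; } buf_t;

/* Allocate a buffer holding a copy of src. The caller owns the result. */
buf_t *buf_new(const char *src) {
    buf_t *b = malloc(sizeof *b);
    if (!b) return NULL;
    b->len = strlen(src);
    b->data = malloc(b->len + 1);
    if (!b->data) { free(b); return NULL; }
    memcpy(b->data, src, b->len + 1);
    return b;
}

/* Cause 2 (unclear ownership): a single release routine takes the caller's
 * pointer by address and clears it, so a second release or a later use
 * sees NULL instead of a dangling pointer. */
void buf_release(buf_t **bp) {
    if (!bp || !*bp) return;      /* releasing twice is a no-op */
    free((*bp)->data);
    free(*bp);
    *bp = NULL;
}

/* Cause 1 (error path): on failure the buffer is released through the same
 * routine, so the caller's pointer is cleared as well as freed.
 * Returns 0 on success, -1 on error (constructed rule: empty input fails). */
int buf_validate(buf_t **bp) {
    if (!bp || !*bp) return -1;
    if ((*bp)->len == 0) { buf_release(bp); return -1; }
    return 0;
}

/* Every use checks for NULL rather than trusting the pointer. */
size_t buf_len(const buf_t *b) { return b ? b->len : 0; }

int main(void) {
    buf_t *b = buf_new("");       /* constructed input that fails validation */
    int rc = buf_validate(&b);    /* error path releases and clears b */
    buf_release(&b);              /* caller's cleanup is now a harmless no-op */
    return (rc == -1 && b == NULL && buf_len(b) == 0) ? 0 : 1;
}
```

Without the clearing step in `buf_release`, the caller's cleanup after a failed `buf_validate` would free the same memory twice and any later read would touch freed memory.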

To rectify this vulnerability, Google Chrome users are requested to immediately update their Chrome browsers here.
