Advisory Details

May 13th, 2014

Google Chrome ImageData Signedness Error Remote Code Execution Vulnerability

CVE ID	CVE-2014-1736
CVSS SCORE	6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P
AFFECTED VENDORS	Google
AFFECTED PRODUCTS	Chrome
TREND MICRO CUSTOMER PROTECTION	Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID ['13829']. For further product information on the TippingPoint IPS: http://www.tippingpoint.com
VULNERABILITY DETAILS	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of ImageData objects. In certain conditions, an attacker would be able to read and write pixel data. An attacker can leverage this vulnerability to execute code under the context of the current process.
ADDITIONAL DETAILS	Google has issued an update to correct this vulnerability. More details can be found at: http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html 359802
DISCLOSURE TIMELINE	2014-04-03 - Vulnerability reported to vendor 2014-05-13 - Coordinated public release of advisory
CREDIT	SkyLined

BACK TO ADVISORIES