Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2012-1845

Published: 22 March 2012

Use-after-free vulnerability in Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the DEP and ASLR protection mechanisms, and execute arbitrary code, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code."

Notes

AuthorNote
jdstrand
VUPEN won't release the exploit to Google to fix it, and access to
the exploit is behind a paywall, so there is nothing to do. Marking deferred
for now. Will re-open if new information is available.

Priority

Medium

Status

Package Release Status
chromium-browser
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Ignored
(end of life, was deferred)
maverick Ignored
(end of life)
natty Ignored
(end of life)
oneiric Ignored
(end of life, was deferred)
precise Ignored
(end of life, was deferred)
quantal Ignored
(end of life, was deferred)
upstream Needed