Attekett

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 47.0.2526.73 Opera (affected versions not specified) **Description** The issue is related to the lack of signature usage in a specific component, which can be exploited by remote attackers to cause a denial of service or possibly have other unspecified impacts. This is achieved through vectors that leverage "type confusion." **Recommendations** For Google Chrome versions prior to 47.0.2526.73, update to version 47.0.2526.73 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 46.0.2490.71 Opera (affected versions not specified) **Description** The issue is related to errors in the code of the PDFium component in Google Chrome. It allows a remote attacker to cause a denial of service or possibly have other unspecified impacts by using a specially crafted PDF document. The `CPDF Document::GetPage` function in `fpdfapi/fpdf parser/fpdf parser document.cpp` does not properly perform a cast of a dictionary object. **Recommendations** For Google Chrome versions prior to 46.0.2490.71, update to version 46.0.2490.71 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider avoiding the use of the `CPDF Document::GetPage` function until a patch is available. Restrict access to crafted PDF documents to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 30.0.1599.66 **Description** The issue is related to multiple race conditions in the Web Audio implementation in Blink. These race conditions can be exploited by remote attackers to cause a denial of service or possibly have other unspecified impacts. The issue is related to threading in various files, including core/html/HTMLMediaElement.cpp, core/platform/audio/AudioDSPKernelProcessor.cpp, core/platform/audio/HRTFElevation.cpp, and modules/webaudio/ConvolverNode.cpp. **Recommendations** For versions prior to 30.0.1599.66, update to version 30.0.1599.66 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 25.0.1364.152 **Description** The issue is related to the Web Audio implementation, which allows remote attackers to cause a denial of service due to memory corruption, or possibly have other unspecified impacts, via unknown vectors. **Recommendations** For versions prior to 25.0.1364.152, update to version 25.0.1364.152 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 25.0.1364.97 on Windows and Linux, and prior to 25.0.1364.99 on Mac OS X **Description** The issue allows remote attackers to cause a denial of service due to an incorrect read operation. This is achieved by using crafted data in the Matroska container format. **Recommendations** For Google Chrome versions prior to 25.0.1364.97 on Windows and Linux, and prior to 25.0.1364.99 on Mac OS X, update to version 25.0.1364.97 or later on Windows and Linux, and to version 25.0.1364.99 or later on Mac OS X.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 24.0.1312.52 **Description** A use-after-free issue exists, potentially allowing remote attackers to cause a denial of service or have other unspecified impacts through vectors related to SVG layout. **Recommendations** For versions prior to 24.0.1312.52, update to version 24.0.1312.52 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 23.0.1271.64 Google V8 versions prior to 3.13.7.5 **Description** The issue allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds access to an array. **Recommendations** For Google Chrome versions prior to 23.0.1271.64, update to version 23.0.1271.64 or later to resolve the issue. For Google V8 versions prior to 3.13.7.5, update to version 3.13.7.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 22.0.1229.92 **Description** A race condition issue allows remote attackers to execute arbitrary code via vectors related to audio devices. **Recommendations** For versions prior to 22.0.1229.92, update to version 22.0.1229.92 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 17.0.963.46 **Description** The issue is related to the improper handling of PDF FAX images, which can be exploited by remote attackers to cause a denial of service through an out-of-bounds read via unspecified vectors. **Recommendations** For versions prior to 17.0.963.46, update to version 17.0.963.46 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 16.0.912.63 **Description** The issue is related to the improper handling of PDF cross references, which can be exploited by remote attackers to cause a denial of service through an out-of-bounds read via unspecified vectors. **Recommendations** For versions prior to 16.0.912.63, update to version 16.0.912.63 or later to resolve the issue.