CVE-2012-1845

Publication date 22 March 2012

Last updated 24 July 2024


Ubuntu priority

Use-after-free vulnerability in Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the DEP and ASLR protection mechanisms, and execute arbitrary code, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated “it really doesn’t matter if it’s third-party code.”

Read the notes from the security team

Status

No maintained releases are affected by this CVE.

Package Ubuntu Release Status
chromium-browser 12.10 quantal Ignored end of life, was deferred
12.04 LTS precise Ignored end of life, was deferred
11.10 oneiric Ignored end of life, was deferred
11.04 natty Ignored end of life
10.10 maverick Ignored end of life
10.04 LTS lucid Ignored end of life, was deferred
8.04 LTS hardy Not in release

Notes


jdstrand

VUPEN won’t release the exploit to Google to fix it, and access to the exploit is behind a paywall, so there is nothing to do. Marking deferred for now. Will re-open if new information is available.