Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
Occasionally, we issue special rewards for bugs outside of Chrome, particularly where the bug is very severe and/or we are able to partially work around the issue:
- [Mac OS only] [$1000] [149904] High CVE-2012-5115: Defend against wild writes in buggy graphics drivers. Credit to miaubiz.
And back to your regularly scheduled rewards, including some at the new higher levels:
- [$3500] [157079] Medium CVE-2012-5127: Integer overflow leading to out-of-bounds read in WebP handling. Credit to Phil Turnbull.
- [Linux 64-bit only] [$1500] [150729] Medium CVE-2012-5120: Out-of-bounds array access in v8. Credit to Atte Kettunen of OUSPG.
- [$1000] [143761] High CVE-2012-5116: Use-after-free in SVG filter handling. Credit to miaubiz.
- [Mac OS only] [$1000] [149717] High CVE-2012-5118: Integer bounds check issue in GPU command buffers. Credit to miaubiz.
- [$1000] [154055] High CVE-2012-5121: Use-after-free in video layout. Credit to Atte Kettunen of OUSPG.
- [145915] Low CVE-2012-5117: Inappropriate load of SVG subresource in img context. Credit to Felix Gröbert of the Google Security Team.
- [149759] Medium CVE-2012-5119: Race condition in Pepper buffer handling. Credit to Fermin Serna of the Google Security Team.
- [154465] Medium CVE-2012-5122: Bad cast in input handling. Credit to Google Chrome Security Team (Inferno).
- [154590] [156826] Medium CVE-2012-5123: Out-of-bounds reads in Skia. Credit to Google Chrome Security Team (Inferno).
- [155323] High CVE-2012-5124: Memory corruption in texture handling. Credit to Al Patrick of the Chromium development community.
- [156051] Medium CVE-2012-5125: Use-after-free in extension tab handling. Credit to Alexander Potapenko of the Chromium development community.
- [156366] Medium CVE-2012-5126: Use-after-free in plug-in placeholder handling. Credit to Google Chrome Security Team (Inferno).
- [157124] High CVE-2012-5128: Bad write in v8. Credit to Google Chrome Security Team (Cris Neckar).
Many of the above bugs were detected using AddressSanitizer.
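Two of the fixes above (CVE-2012-5127 and CVE-2012-5118) are integer overflow or bounds-check bugs that end in an out-of-bounds read, the kind of defect AddressSanitizer catches. The following is an added illustration of that bug class, not Chromium's code and not the actual WebP or GPU command-buffer logic: the chunk header layout, the 64-byte buffer and the offsets are constructed for the example.

```c
/*
 * Added illustration (not Chromium code): an integer overflow defeating a
 * length check and turning into an out-of-bounds read. The "chunk" header
 * (offset, len), the buffer and the values used are constructed here.
 */
#include <stdint.h>
#include <stdio.h>

/*
 * Vulnerable form: offset + len is computed in 32-bit arithmetic, so an
 * attacker-chosen len near UINT32_MAX wraps the sum to a small value and
 * the comparison passes even though the chunk extends far past `size`.
 * Returns 1 when the check (wrongly) accepts the chunk.
 */
int chunk_fits_vulnerable(uint32_t offset, uint32_t len, uint32_t size) {
    return offset + len <= size;   /* wraps modulo 2^32 */
}

/*
 * Hardened form: check the pieces separately so nothing can overflow.
 * offset <= size is established first, so size - offset cannot underflow,
 * and len is then compared against the space that actually remains.
 */
int chunk_fits_safe(uint32_t offset, uint32_t len, uint32_t size) {
    if (offset > size)
        return 0;
    return len <= size - offset;
}

/*
 * Reads the last byte of the chunk from a constructed 64-byte buffer
 * (buf[i] == i), guarded by the chosen check. With the vulnerable check and
 * a wrapped header, buf[offset + len - 1] lands billions of bytes past the
 * end: under -fsanitize=address this is reported as a heap/stack
 * buffer-overflow READ instead of silently returning garbage.
 * Returns -1 when the check rejects the chunk.
 */
int read_last_byte(uint32_t offset, uint32_t len,
                   int (*fits)(uint32_t, uint32_t, uint32_t)) {
    uint8_t buf[64];
    uint32_t size = sizeof buf;
    for (uint32_t i = 0; i < size; i++)
        buf[i] = (uint8_t)i;

    if (!fits(offset, len, size))
        return -1;
    return buf[offset + len - 1];   /* in bounds only if the check was sound */
}

/* Convenience wrapper using the hardened check, safe to call with any input. */
int read_last_byte_checked(uint32_t offset, uint32_t len) {
    return read_last_byte(offset, len, chunk_fits_safe);
}

int main(void) {
    uint32_t wrap_len = 0xFFFFFFF0u;   /* 16 + wrap_len == 0 mod 2^32 */

    printf("well-formed chunk (16, 32): vulnerable=%d safe=%d value=%d\n",
           chunk_fits_vulnerable(16, 32, 64), chunk_fits_safe(16, 32, 64),
           read_last_byte_checked(16, 32));
    printf("wrapping chunk (16, 0x%x): vulnerable=%d safe=%d value=%d\n",
           wrap_len, chunk_fits_vulnerable(16, wrap_len, 64),
           chunk_fits_safe(16, wrap_len, 64),
           read_last_byte_checked(16, wrap_len));
    /* Deliberately not calling read_last_byte(16, wrap_len,
     * chunk_fits_vulnerable): that is the out-of-bounds read ASan flags. */
    return 0;
}
```

Build the vulnerable path with `-fsanitize=address -g` and call `read_last_byte(16, 0xFFFFFFF0u, chunk_fits_vulnerable)` to see the report; the hardened check rejects the same header outright.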
The security issues in V8 have been fixed in v8-3.13.7.5.
We’d also like to thank miaubiz for working with us during the development cycle and preventing security regressions from ever reaching the stable channel. Rewards were issued.
This version also includes a new version of Adobe Flash. More details can be found here.
Full details about what changes are in this release are available in the SVN revision log. Interested in hopping on the stable channel? Find out how. If you find a new issue, please let us know by filing a bug.
Karen Grunberg
Google Chrome
24 comments:
Will there be a corresponding release of Chrome for Android to fix these security issues, or is the Android version not susceptible to them?
very nice!!! ;)
I've had an issue for a few weeks due to the new version of Flash. When I unplug or plug in my Logitech G35 headset (remove/add audio device) I have to close Chrome and reopen it before browser audio is output to my headset, or to my speakers if I was unplugging my headset. It seems as though Flash is having trouble detecting that the default audio device in Windows has changed.
No mention of the PeerConnection API?
Font rendering is broken...
I'm on win7x64.
One question: my notebook is a Samsung 3 series and has an AMD APU A6 with an integrated Radeon HD 6520G. Will this GPU-accelerated video decoding work for me?
The pop-up window for website permissions in Russian looks ugly and is not properly aligned.
https://dl.dropbox.com/u/8160145/PopUpSecurity.png
still not gpu accelerated for me
Very nice. It would be good now to get a 64-bit version for Mac OS X and a share (Twitter, etc.) functionality as part of the browser. (This share functionality exists in Chrome for iOS and in Safari on Mac OS X.)
When I press on the 149904 link to view details for the Mac performance issue, I get "Your client does not have permission to get URL /p/chromium/issues/detail?id=149904 from this server. That’s all we know."
Is there anything I can do to avoid this?
The latest 11.5 Flash player doesn't work for ALL VIDEO PLAYERS, and the only fix that let me watch anything was restoring to a restore point from before the 11.5 release :l
I notice the audio on YouTube videos is slow and stutters since the update here.
The problems with pages that contain several GIF images remain.
Very laggy and sometimes doesn't even load all the images.
Example: http://www.cronixsoul.com/45-stunning-examples-of-animated-gif-photography-from-jamie-beck/
Dustin, I have the same problem.
I'm not exactly sure if it's Flash or Chrome's problem, but if I unplug my Koss headphones midway through a YouTube video, the sound gets cut off and doesn't produce any sound through my speakers, which are always on. Same thing vice-versa. If while I'm watching a video on YouTube, and I have my speakers on, and then turn them off and plug in my headphones, there's no sound unless I wait for ~15 seconds or restart Chrome.
It's been happening ever since I've updated Chrome.
Hmm! Could not update to Chrome 23 stable from 22 stable on my Win7 Ult on an i5. Possibly because I also have Comodo Dragon installed.
Work around was to 'set TMP=c:\test' download chromesetup to c:\test and run 'start c:\test\chromesetup.exe' from command prompt.
I will write a post about it at monkeyshine nutworks.
Congratulations on the structure and content of your blog. Big hug, Renato Artesanato em MDF
Close tab buttons are still too big (1-2 px beyond the red graphic).
For someone with lots of tabs it may cause accidental close of tab much more often than before.
Chrome Team,
Please stop making stupid UI tweaks. Having a red circle x close button on a tab not only looks dumb, but is completely unnecessary. The grey one was perfectly fine and got the point across without adding playful color. Next thing you know you are going to be having everything popping up colors everywhere.
Also, greying out the bookmarks dropdown text is REALLY annoying.
Getting aw snap error on every page after updating to version 23.0.1271.64, on windows xp sp2. How should I fix this ?
Kunal,
try updating to SP3.
Why haven't you done this already? It's been around since April 2008.
Plus, if you're still on SP2 you'll find there are around 100 updates since SP3 to download and install.
Do the "[Linux only]" security bugs apply to the BSDs as well? If so can you please stop with the misleading label?
Stable? Massive GDI leaks:
http://code.google.com/p/chromium/issues/detail?id=134837