Google Chrome 17.0.963.56 Stable update available, fixes 7 high risk vulnerabilities

Google Chrome Stable Update
Google Chrome 17.0.963.56 has been released to the Stable channel for Windows, Mac OS, Linux, and Chrome Frame. This update fixes a number of stability issues and addresses a total of 13 vulnerabilities, 7 of which were considered to be high risk. It also includes a new version of Flash Player, released to address a number of vulnerabilities, including a universal cross-site scripting (XSS) flaw. There are reports that this vulnerability (CVE-2012-0767) is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message (Internet Explorer on Windows only). More information on the Flash Player update is available at Flash Player 11.1.102.62.

Overview
Google Chrome is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier. It has one box for everything: type in the address bar and get suggestions for both search and web pages. Thumbnails of your top sites let you access your favorite pages instantly, with lightning speed, from any new tab. Desktop shortcuts allow you to launch your favorite Web apps straight from your desktop.

Install Google Chrome
To install Google Chrome 17.0.963.56 Stable, please visit http://www.google.com/chrome.

What's new in Google Chrome 17.0.963.56 Stable (February 15, 2012)
Google Chrome 17.0.963.56 includes a new version of Flash Player (v11.1.102.62) plug-in.

Security fixes and rewards:
  • [105803] CVE-2011-3015: Integer overflows in PDF codecs. Credit to Google Chrome Security Team (scarybeasts). (High)
  • [$500] [106336] CVE-2011-3016: Read-after-free with counter nodes. Credit to miaubiz. (Medium)
  • [$1000] [108695] CVE-2011-3017: Possible use-after-free in database handling. Credit to miaubiz. (High)
  • [$1000] [110172] CVE-2011-3018: Heap overflow in path rendering. Credit to Aki Helin of OUSPG. (High)
  • [110849] CVE-2011-3019: Heap buffer overflow in MKV handling. Credit to Google Chrome Security Team (scarybeasts) and Mateusz Jurczyk of the Google Security Team. (High)
  • [111575] CVE-2011-3020: Native client validator error. Credit to Nick Bray of the Chromium development community. (Medium)
  • [$1000] [111779] CVE-2011-3021: Use-after-free in subframe loading. Credit to Arthur Gerkis. (High)
  • [112236] CVE-2011-3022: Inappropriate use of http for translation script. Credit to Google Chrome Security Team (Jorge Obes). (Medium)
  • [$500] [112259] CVE-2011-3023: Use-after-free with drag and drop. Credit to pa_kt. (Medium)
  • [112451] CVE-2011-3024: Browser crash with empty x509 certificate. Credit to chrometot. (Low)
  • [$500] [112670] CVE-2011-3025: Out-of-bounds read in h.264 parsing. Credit to Sławomir Błażek. (Medium)
  • [$1337] [112822] CVE-2011-3026: Integer overflow / truncation in libpng. Credit to Jüri Aedla. (High)
  • [112847] CVE-2011-3027: Bad cast in column handling. Credit to miaubiz. (High)

Source: Google Chrome Releases
