Google Chrome 17.0.963.65 Stable security updates

Google Chrome Stable Update
Google Chrome 17.0.963.65 has been updated to the Stable channel for Windows, MAC, Linux, and Chrome Frame. This update fixes a number of issues including:

  • Cursors and backgrounds sometimes do not load (bug 111218)
  • Plugins not loading on some pages (bug 108228)
  • Text paste includes trailing spaces (bug 106551)
  • Websites using touch controls break (bug 110332)

This update also address a total of 17 vulnerabilities, 14 of which were considered to be high risk and 3 special bugs. Along with these fixes, the release contains an updated version of the Adobe Flash player (11.1.102.63).

Overview
Google Chrome is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier. It has one box for everything: Type in the address bar and get suggestions for both search and web pages. Will give you thumbnails of your top sites, access your favorite pages instantly with lightning speed from any new tab. Desktop shortcuts allow you to launch your favorite Web apps straight from your desktop.

Install Google Chrome
To install Google Chrome 17.0.963.65 Stable please visit http://www.google.com/chrome website.

Google Chrome 17.0.963.65

What's new in Google Chrome 17.0.963.65 Stable (March 4, 2012)
Google Chrome 17.0.963.65 includes a new version of Flash Player (v11.1.102.63) plug-in.

Special rewards for some special bugs:
  • [$10,000] [116661] Rockstar CVE-1337-d00d1: Excessive WebKit fuzzing. Credit to miaubiz.
  • [$10,000] [116662] Legend CVE-1337-d00d2: Awesome variety of fuzz targets. Credit to Aki Helin of OUSPG.
  • [$10,000] [116663] Superhero CVE-1337-d00d3: Significant pain inflicted upon SVG. Credit to Arthur Gerkis.

Security fixes and rewards:
  • [$1000] [105867] CVE-2011-3031: Use-after-free in v8 element wrapper. Credit to Chamal de Silva. (High)
  • [$1000] [108037] CVE-2011-3032: Use-after-free in SVG value handling. Credit to Arthur Gerkis. (High)
  • [$2000] [108406] [115471] CVE-2011-3033: Buffer overflow in the Skia drawing library. Credit to Aki Helin of OUSPG. (High)
  • [$1000] [111748] CVE-2011-3034: Use-after-free in SVG document handling. Credit to Arthur Gerkis. (High)
  • [$2000] [112212] CVE-2011-3035: Use-after-free in SVG use handling. Credit to Arthur Gerkis. (High)
  • [$1000] [113258] CVE-2011-3036: Bad cast in line box handling. Credit to miaubiz. (High)
  • [$3000] [113439] [114924] [115028] CVE-2011-3037: Bad casts in anonymous block splitting. Credit to miaubiz. (High)
  • [$1000] [113497] CVE-2011-3038: Use-after-free in multi-column handling. Credit to miaubiz. (High)
  • [$1000] [113707] CVE-2011-3039: Use-after-free in quote handling. Credit to miaubiz. (High)
  • [$500] [114054] CVE-2011-3040: Out-of-bounds read in text handling. Credit to miaubiz. (High)
  • [$1000] [114068] CVE-2011-3041: Use-after-free in class attribute handling. Credit to miaubiz. (High)
  • [$1000] [114219] CVE-2011-3042: Use-after-free in table section handling. Credit to miaubiz. (High)
  • [$1000] [115681] CVE-2011-3043: Use-after-free in flexbox with floats. Credit to miaubiz. (High)
  • [$1000] [116093] CVE-2011-3044: Use-after-free with SVG animation elements. Credit to Arthur Gerkis. (High)

The majority of the above bugs were detected using AddressSanitizer.

Source
Google Chrome Releases

No comments: