Google has released Chrome 17.0.963.83 Stable for Windows, MAC OS, Linux, and Chrome Frame to address multiple vulnerabilities. Six of those are rated High, with the remaining one classified as Medium and two classified as Low. These vulnerabilities may allow an attacker to execute arbitrary code, bypass security restrictions, operate with escalated privileges, or perform a cross-site scripting attack. In addition, this update also fixes issues with Flash games.
Overview
Google Chrome is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier. It has one box for everything: Type in the address bar and get suggestions for both search and web pages. Will give you thumbnails of your top sites, access your favorite pages instantly with lightning speed from any new tab. Desktop shortcuts allow you to launch your favorite Web apps straight from your desktop.
Install Google Chrome
To install Google Chrome 17.0.963.83 Stable please visit http://www.google.com/chrome web site.
Google Chrome 17.0.963.83 Stable
What's new in Google Chrome 17.0.963.83 Stable (March 21, 2012)
Google Chrome 17.0.963.83 contains following stability and bug fixes:
- Fixed issues with Flash games.
Security fixes and rewards:
- [$1000] [113902] CVE-2011-3050: Use-after-free with first-letter handling. Credit to miaubiz. (High)
- [116162] CVE-2011-3045: libpng integer issue from upstream. Credit to Glenn Randers-Pehrson of the libpng project. (High)
- [$1000] [116461] CVE-2011-3051: Use-after-free in CSS cross-fade handling. Credit to Arthur Gerkis. (High)
- [116637] CVE-2011-3052: Memory corruption in WebGL canvas handling. Credit to Ben Vanik of Google. (High)
- [$1000] [116746] CVE-2011-3053: Use-after-free in block splitting. Credit to miaubiz. (High)
- [117418] CVE-2011-3054: Apply additional isolations to webui privileges. Credit to Sergey Glazunov. (Low)
- [117736] CVE-2011-3055: Prompt in the browser native UI for unpacked extension installation. Credit to PinkiePie. (Low)
- [$2000] [117550] CVE-2011-3056: Cross-origin violation with "magic iframe". Credit to Sergey Glazunov. (High)
- [$500] [117794] CVE-2011-3057: Invalid read in v8. Credit to Christian Holler. (Medium)
Note:This single low severity issue was fixed in a previous patch but we forgot to issue proper credit:
- [108648] Low CVE-2011-3049: Extension web request API can interfere with system requests. Credit to Michael Gundlach.
You can find the full details about changes that are in this version of Chrome 17 from the SVN revision log.
Source
No comments:
Post a Comment