Google Chrome 19.0.1084.52 Update Fixes Two Critical Vulnerabilities

Google Chrome Stable Update
Google has released Chrome 19.0.1084.52 Stable for Windows, Mac OS, Linux, and Chrome Frame to address multiple vulnerabilities. Two of those are rated Critical, nine are rated High, and two are rated Medium. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

Overview
Google Chrome is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier. It has one box for everything: type in the address bar and get suggestions for both search and web pages. Thumbnails of your top sites let you access your favorite pages instantly with lightning speed from any new tab. Desktop shortcuts allow you to launch your favorite web apps straight from your desktop.

Install Google Chrome
If you are interested in using Google Chrome Stable, please visit the http://www.google.com/chrome web site.

Google Chrome 19.0.1084.52 Stable

What's new in Google Chrome 19.0.1084.52 Stable (May 23, 2012)
Google Chrome 19.0.1084.52 contains the following stability and bug fixes:

Security fixes and rewards:
  • [117409] CVE-2011-3103: Crashes in v8 garbage collection. Credit to the Chromium development community (Brett Wilson). (High)
  • [118018] CVE-2011-3104: Out-of-bounds read in Skia. Credit to Google Chrome Security Team (Inferno). (Medium)
  • [$1000] [120912] CVE-2011-3105: Use-after-free in first-letter handling. Credit to miaubiz. (High)
  • [122654] CVE-2011-3106: Browser memory corruption with websockets over SSL. Credit to the Chromium development community (Dharani Govindan). (Critical)
  • [124625] CVE-2011-3107: Crashes in the plug-in JavaScript bindings. Credit to the Chromium development community (Dharani Govindan). (High)
  • [$1337] [125159] CVE-2011-3108: Use-after-free in browser cache. Credit to “efbiaiinzinz”. (Critical)
  • [Linux only] [$1000] [126296] CVE-2011-3109: Bad cast in GTK UI. Credit to Micha Bartholomé. (High)
  • [126337] [126343] [126378] [127349] [127819] [127868] CVE-2011-3110: Out of bounds writes in PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team. (High)
  • [$500] [126414] CVE-2011-3111: Invalid read in v8. Credit to Christian Holler. (Medium)
  • [127331] CVE-2011-3112: Use-after-free with invalid encrypted PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team. (High)
  • [127883] CVE-2011-3113: Invalid cast with colorspace handling in PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team. (High)
  • [128014] CVE-2011-3114: Buffer overflows with PDF functions. Credit to Google Chrome Security Team (scarybeasts). (High)
  • [$1000] [128018] CVE-2011-3115: Type corruption in v8. Credit to Christian Holler. (High)

Note: Many of these bugs were detected using AddressSanitizer.
