Stable Channel Update
Posted: 23 May 2012 03:15 PM PDT
The Chrome Stable channel has been updated to
19.0.1084.52 on Windows, Mac, Linux and Chrome Frame.
Security
fixes and rewards:
Please see the Chromium
security page formore detail. Note that the referenced bugs may be kept private until a majorityof our users are up to date with the fix.
· [117409] High CVE-2011-3103: Crashes in v8 garbage
collection. Credit to the Chromium
development community (Brett Wilson).
· [118018] Medium CVE-2011-3104: Out-of-bounds read in Skia. Credit to Google Chrome Security Team (Inferno).
· [$1000] [120912] High CVE-2011-3105: Use-after-free in first-letter
handling. Credit to miaubiz.
· [122654] Critical CVE-2011-3106: Browser memory corruption with
websockets over SSL. Credit to the
Chromium development community (Dharani Govindan).
· [124625] High CVE-2011-3107: Crashes in the plug-in
JavaScript bindings. Credit to the
Chromium development community (Dharani Govindan).
· [$1337] [125159] Critical CVE-2011-3108: Use-after-free in browser
cache. Credit to “efbiaiinzinz”.
· [Linux only] [$1000] [126296] High CVE-2011-3109: Bad cast in GTK UI. Credit to Micha Bartholomé.
· [126337] [126343] [126378] [127349] [127819] [127868] High CVE-2011-3110: Out of bounds writes in PDF. Credit to Mateusz Jurczyk of the Google Security
Team, with contributions by Gynvael Coldwind of the Google Security Team.
· [$500] [126414] Medium CVE-2011-3111: Invalid read in v8. Credit to Christian Holler.
· [127331] High CVE-2011-3112: Use-after-free with invalid
encrypted PDF. Credit to Mateusz
Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of
the Google Security Team.
· [127883] High CVE-2011-3113: Invalid cast with colorspace handling
in PDF. Credit to Mateusz Jurczyk
of the Google Security Team, with contributions by Gynvael Coldwind of the
Google Security Team.
· [128014] High CVE-2011-3114: Buffer overflows with PDF
functions. Credit to Google Chrome
Security Team (scarybeasts).
· [$1000] [128018] High CVE-2011-3115: Type corruption in v8. Credit to Christian Holler.
Many of these bugs were detected using AddressSanitizer.
Full details about what changes are in this
release are available in the Link Removed due to 404 Error. If you find a new issue,
please let us know byLink Removed - Invalid URL.
Anthony Laforge
Google Chrome
Posted: 23 May 2012 03:15 PM PDT
The Chrome Stable channel has been updated to
19.0.1084.52 on Windows, Mac, Linux and Chrome Frame.
Security
fixes and rewards:
Please see the Chromium
security page formore detail. Note that the referenced bugs may be kept private until a majorityof our users are up to date with the fix.
· [117409] High CVE-2011-3103: Crashes in v8 garbage
collection. Credit to the Chromium
development community (Brett Wilson).
· [118018] Medium CVE-2011-3104: Out-of-bounds read in Skia. Credit to Google Chrome Security Team (Inferno).
· [$1000] [120912] High CVE-2011-3105: Use-after-free in first-letter
handling. Credit to miaubiz.
· [122654] Critical CVE-2011-3106: Browser memory corruption with
websockets over SSL. Credit to the
Chromium development community (Dharani Govindan).
· [124625] High CVE-2011-3107: Crashes in the plug-in
JavaScript bindings. Credit to the
Chromium development community (Dharani Govindan).
· [$1337] [125159] Critical CVE-2011-3108: Use-after-free in browser
cache. Credit to “efbiaiinzinz”.
· [Linux only] [$1000] [126296] High CVE-2011-3109: Bad cast in GTK UI. Credit to Micha Bartholomé.
· [126337] [126343] [126378] [127349] [127819] [127868] High CVE-2011-3110: Out of bounds writes in PDF. Credit to Mateusz Jurczyk of the Google Security
Team, with contributions by Gynvael Coldwind of the Google Security Team.
· [$500] [126414] Medium CVE-2011-3111: Invalid read in v8. Credit to Christian Holler.
· [127331] High CVE-2011-3112: Use-after-free with invalid
encrypted PDF. Credit to Mateusz
Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of
the Google Security Team.
· [127883] High CVE-2011-3113: Invalid cast with colorspace handling
in PDF. Credit to Mateusz Jurczyk
of the Google Security Team, with contributions by Gynvael Coldwind of the
Google Security Team.
· [128014] High CVE-2011-3114: Buffer overflows with PDF
functions. Credit to Google Chrome
Security Team (scarybeasts).
· [$1000] [128018] High CVE-2011-3115: Type corruption in v8. Credit to Christian Holler.
Many of these bugs were detected using AddressSanitizer.
Full details about what changes are in this
release are available in the Link Removed due to 404 Error. If you find a new issue,
please let us know byLink Removed - Invalid URL.
Anthony Laforge
Google Chrome