The Chrome Stable channel has been updated to 13.0.782.215 for all platforms. This release contains the following security fixes.
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
- [$1000] [Windows only] [72492] Medium CVE-2011-2822: URL parsing confusion on the command line. Credit to Vladimir Vorontsov, ONsec company.
- [82552] High CVE-2011-2823: Use-after-free in line box handling. Credit to Google Chrome Security Team (SkyLined) and independent later discovery by miaubiz.
- [$1000] [88216] High CVE-2011-2824: Use-after-free with counter nodes. Credit to miaubiz.
- [88670] High CVE-2011-2825: Use-after-free with custom fonts. Credit to wushi of team509 reported through ZDI (ZDI-CAN-1283), plus indepdendent later discovery by miaubiz.
- [$1000] [89402] High CVE-2011-2821: Double free in libxml XPath handling. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences.
- [$1000] [87453] High CVE-2011-2826: Cross-origin violation with empty origins. Credit to Sergey Glazunov.
- [$1337] [Windows only] [89836] Critical CVE-2011-2806: Memory corruption in vertex handing. Credit to Michael Braithwaite of Turbulenz Limited.
- [$1000] [90668] High CVE-2011-2827: Use-after-free in text searching. Credit to miaubiz.
- [91517] High CVE-2011-2828: Out-of-bounds write in v8. Credit to Google Chrome Security Team (SkyLined).
- [$1500] [32-bit only] [91598] High CVE-2011-2829: Integer overflow in uniform arrays. Credit to Sergey Glazunov.
- [$1000] [Linux only] [91665] High CVE-2011-2839: Buggy memset() in PDF. Credit to Aki Helin of OUSPG.
Anthony Laforge
Google Chrome
Google Chrome
728x90
댓글