===================================================================== CERT-Renater Note d'Information No. 2010/VULN148 _____________________________________________________________________ DATE : 03/05/2010 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running Google Chrome versions prior to 4.1.249.1064. ====================================================================== http://googlechromereleases.blogspot.com/2010/04/stable-update-bug-and-security-fixes.html ______________________________________________________________________ Stable Update: Bug and Security Fixes Google Chrome 4.1.249.1064 has been released to the Stable channel on Windows. This release fixes the following issues: Google Chrome was not using the correct path for the Java plugin for Java Version 6 Update 20. 4.1.249.1059 was much slower on JavaScript benchmarks than 4.1.249.1045. (Issue 42158) This release also fixes the following security issues: Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix. [$1000] [40445] High Cross-origin bypass in Google URL (GURL). Credit: Jordi Chancel. [40487] High Memory corruption in HTML5 Media handling. Credit: David Bloom of Google Security Team. [$500] [42294] High Memory corruption in font handling. Credit: wushi of team509. If you find issues, please let us know: http://code.google.com/p/chromium/issues/entry --Mark Larson, Google Chrome Team ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================