===================================================================== CERT-Renater Note d'Information No. 2010/VULN340 _____________________________________________________________________ DATE : 03/09/2010 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running Google Chrome versions prior to 6.0.472.53. ====================================================================== http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html ______________________________________________________________________ Stable and Beta Channel Updates Thursday, September 2, 2010 | 07:04 Labels: Beta updates, Stable updates Google Chrome 6.0.472.53 has been released to the stable and beta channels for Windows, Mac, and Linux. Updates from the previous stable release include: * Updated UI * Form Autofill * Syncing of extensions and Autofill data * Increased speed and stability More information on these and other changes in Chrome 6 can be found on the Google Chrome blog. Download Chrome today! Security fixes and rewards: Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix. * [34414] Low Pop-up blocker bypass with blank frame target. Credit to Google Chrome Security Team (Inferno) and “ironfist99”. * [37201] Medium URL bar visual spoofing with homographic sequences. Credit to Chris Weber of Casaba Security. * [41654] Medium Apply more restrictions on setting clipboard content. Credit to Brook Novak. * [45659] High Stale pointer with SVG filters. Credit to Tavis Ormandy of the Google Security Team. * [45876] Medium Possible installed extension enumeration. Credit to Lostmon. * [46750] [51846] Low Browser NULL crash with WebSockets. Credit to Google Chrome Security Team (SkyLined), Google Chrome Security Team (Justin Schuh) and Keith Campbell. * [$1000] [50386] High Use-after-free in Notifications presenter. Credit to Sergey Glazunov. * [50839] High Notification permissions memory corruption. Credit to Michal Zalewski of the Google Security Team and Google Chrome Security Team (SkyLined). * [$1337] [51630] [51739] High Integer errors in WebSockets. Credit to Keith Campbell and Google Chrome Security Team (Cris Neckar). * [$500] [51653] High Memory corruption with counter nodes. Credit to kuzzcc. * [51727] Low Avoid storing excessive autocomplete entries. Credit to Google Chrome Security Team (Inferno). * [52443] High Stale pointer in focus handling. Credit to VUPEN Vulnerability Research Team (VUPEN-SR-2010-249). * [$1000] [52682] High Sandbox parameter deserialization error. Credit to Ashutosh Mehra and Vineet Batra of the Adobe Reader Sandbox Team. * [$500] [53001] Medium Cross-origin image theft. Credit to Isaac Dawson. This release also fixes [51070] (Windows kernel bug workaround; credit to Marc Schoenefeld), which was incorrectly declared fixed in version 5.0.375.127. In addition, we would like to credit Google Chrome Security Team (Inferno), James Robinson (Chromium development community), Google Chrome Security Team (Cris Neckar), Aki Helin of OUSPG, Fred Akalin (Chromium development community), Anna Popivanova, “myusualnickname”, Michal Zalewski of the Google Security Team, kuzzcc and Aaron Boodman (Chromium development community) for finding bugs during the development cycle such that they never reached a stable build. If you find new issues, please let us know by filing a bug. If you would like to use the stable channel, you can find out more about changing your Chrome channel. Jason Kersey Google Chrome ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================