===================================================================== CERT-Renater Note d'Information No. 2010/VULN499 _____________________________________________________________________ DATE : 03/12/2010 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running Google Chrome versions prior to 8.0.552.215. ====================================================================== http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html ______________________________________________________________________ Stable, Beta Channel Updates Thursday, December 2, 2010 | 11:47 Labels: Beta updates, Stable updates The Chrome team is happy to announce our latest Stable release, 8.0.552.215. In addition to the over 800 bug fixes and stability improvements, Chrome 8 now contains a built in PDF viewer that is secured in Chrome’s sandbox. As always, it also contains our latest security fixes, listed below. This release will also be posted to the Beta Channel. Security fixes and rewards: Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix. * [17655] Low Possible pop-up blocker bypass. Credit to Google Chrome Security Team (SkyLined). * [55745] Medium Cross-origin video theft with canvas. Credit to Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR). * [56237] Low Browser crash with HTML5 databases. Credit to Google Chrome Security Team (Inferno). * [58319] Low Prevent excessive file dialogs, possibly leading to browser crash. Credit to Cezary Tomczak (gosu.pl). * [$500] [59554] High Use after free in history handling. Credit to Stefan Troger. * [Linux / Mac] [59817] Medium Make sure the “dangerous file types” list is uptodate with the Windows platforms. Credit to Billy Rios of the Google Security Team. * [61701] Low Browser crash with HTTP proxy authentication. Credit to Mohammed Bouhlel. * [61653] Medium Out-of-bounds read regression in WebM video support. Credit to Google Chrome Security Team (Chris Evans), based on earlier testcases from Mozilla and Microsoft (MSVR). * [$1000] [62127] High Crash due to bad indexing with malformed video. Credit to miaubiz. * [62168] Medium Possible browser memory corruption via malicious privileged extension. Credit to kuzzcc. * [$1000] [62401] High Use after free with SVG animations. Credit to Sławomir Błażek. * [$500] [63051] Medium Use after free in mouse dragging event handling. Credit to kuzzcc. * [$1000] [63444] High Double free in XPath handling. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences. We would like to offer special thanks -- and a number of rewards -- to Aki Helin of OUSPG for his extensive help with the new PDF feature. We’d also like to extend thanks to Sergey Glazunov and Marc Schoenefeld for finding bugs during the development cycle such that they never reached a stable build. Full details about the changes are available in the SVN revision log. If you find new issues, please let us know by filing a bug. Want to change to another Chrome release channel? Find out how. Jason Kersey Google Chrome ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================