====================================================================

                                        CERT-Renater

                              Note d'Information No. 2012/VULN204
____________________________________________________________________

DATE                : 02/05/2012

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Systems running Chrome Stable Channel versions
                         prior to 18.0.1025.168.

======================================================================
http://googlechromereleases.blogspot.com/2012/04/stable-channel-update_30.html
______________________________________________________________________

Stable Channel Update
Monday, April 30, 2012 | 13:38
Labels: Stable updates

The Chrome Stable channel has been updated to 18.0.1025.168 on Windows,
Mac, Linux and Chrome Frame.


Security fixes and rewards:

Please see the Chromium security page for more detail. Note that the
referenced bugs may be kept private until a majority of our users are
up to date with the fix.

[106413] High CVE-2011-3078: Use after free in floats handling. Credit to
Google Chrome Security Team (Marty Barbella) and independent later
discovery by miaubiz.
[117110] High CVE-2012-1521: Use after free in xml parser. Credit to
Google Chrome Security Team (SkyLined) and independent later discovery
by  wushi of team509 reported through iDefense VCP (V-874rcfpq7z).
[117627] Medium CVE-2011-3079: IPC validation failure. Credit to PinkiePie.
[121726] Medium CVE-2011-3080: Race condition in sandbox IPC. Credit to
Willem Pinckaers of Matasano.
[$1000] [121899] High CVE-2011-3081: Use after free in floats handling.
Credit to miaubiz.

The bugs [106413], [117110] and [121899] were detected using
AddressSanitizer.


Full details about what changes are in this release are available in
the SVN revision log.  Interested in hopping on the stable channel?
Find out how.  If you find a new issue, please let us know by filing
a bug.

Karen Grunberg
Google Chrome

======================================================================

=========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================