====================================================================

                             CERT-Renater

                  Note d'Information No. 2012/VULN230
____________________________________________________________________

DATE                : 24/05/2012

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Google Chrome versions prior
                                     to 19.0.1084.52.

======================================================================
http://googlechromereleases.blogspot.com/2012/05/stable-channel-update_23.html
______________________________________________________________________

Stable Channel Update

Wednesday, May 23, 2012 | 15:15

Labels: Stable updates

The Chrome Stable channel has been updated to 19.0.1084.52 on Windows,
Mac, Linux and Chrome Frame.

Security fixes and rewards:

Please see the Chromium security page for more detail. Note that the
referenced bugs may be kept private until a majority of our users are
up to date with the fix.

    [117409] High CVE-2011-3103: Crashes in v8 garbage collection.
Credit to the Chromium development community (Brett Wilson).
    [118018] Medium CVE-2011-3104: Out-of-bounds read in Skia. Credit
to Google Chrome Security Team (Inferno).
    [$1000] [120912] High CVE-2011-3105: Use-after-free in first-letter
handling. Credit to miaubiz.
    [122654] Critical CVE-2011-3106: Browser memory corruption with
websockets over SSL. Credit to the Chromium development community
(Dharani Govindan).
    [124625] High CVE-2011-3107: Crashes in the plug-in JavaScript
bindings. Credit to the Chromium development community (Dharani
Govindan).
    [$1337] [125159] Critical CVE-2011-3108: Use-after-free in browser
cache. Credit to “efbiaiinzinz”.
    [Linux only] [$1000] [126296] High CVE-2011-3109: Bad cast in GTK
UI. Credit to Micha Bartholomé.
    [126337] [126343] [126378] [127349] [127819] [127868] High
CVE-2011-3110: Out of bounds writes in PDF. Credit to Mateusz Jurczyk
of the Google Security Team, with contributions by Gynvael Coldwind of
the Google Security Team.
    [$500] [126414] Medium CVE-2011-3111: Invalid read in v8. Credit
to Christian Holler.
    [127331] High CVE-2011-3112: Use-after-free with invalid encrypted
PDF. Credit to Mateusz Jurczyk of the Google Security Team, with
contributions by Gynvael Coldwind of the Google Security Team.
    [127883] High CVE-2011-3113: Invalid cast with colorspace handling
in PDF. Credit to Mateusz Jurczyk of the Google Security Team, with
contributions by Gynvael Coldwind of the Google Security Team.
    [128014] High CVE-2011-3114: Buffer overflows with PDF functions.
Credit to Google Chrome Security Team (scarybeasts).
    [$1000] [128018] High CVE-2011-3115: Type corruption in v8. Credit
to Christian Holler.


Many of these bugs were detected using AddressSanitizer.

Full details about what changes are in this release are available in
the SVN revision log. If you find a new issue, please let us know by
filing a bug.


Anthony Laforge
Google Chrome

======================================================================

=========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================