
=====================================================================

                           CERT-Renater

               Information Note No. 2013/VULN069
_____________________________________________________________________

DATE                : 22/02/2013

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Windows, Linux running Google Chrome versions
                         prior to 25.0.1364.97,
                      Mac OS X running Google Chrome versions
                         prior to 25.0.1364.99.

======================================================================
http://googlechromereleases.blogspot.fr/2013/02/stable-channel-update_21.html
______________________________________________________________________

Stable Channel Update

The Chrome team is excited to announce the promotion of Chrome 25 to
the Stable Channel. Chrome 25.0.1364.97 for Windows and Linux, and
25.0.1364.99 for Mac contain a number of new items including:

    Improvements in managing and securing your extensions
    Better support for HTML5 time/date inputs
    JavaScript Web Speech API support
    Better WebGL error handling
    And lots of other features for developers


Security fixes and rewards:

Please see the Chromium security page for more detail. Note that the
referenced bugs may be kept private until a majority of our users are
up to date with the fix.


    [$1000] [172243] High CVE-2013-0879: Memory corruption with web
    audio node. Credit to Atte Kettunen of OUSPG.

    [$1000] [171951] High CVE-2013-0880: Use-after-free in database
    handling. Credit to Chamal de Silva.

    [$500] [167069] Medium CVE-2013-0881: Bad read in Matroska
    handling. Credit to Atte Kettunen of OUSPG.

    [$500] [165432] High CVE-2013-0882: Bad memory access with
    excessive SVG parameters. Credit to Renata Hodovan.

    [$500] [142169] Medium CVE-2013-0883: Bad read in Skia. Credit to
    Atte Kettunen of OUSPG.

    [172984] Low CVE-2013-0884: Inappropriate load of NaCl. Credit to
    Google Chrome Security Team (Chris Evans).

    [172369] Medium CVE-2013-0885: Too many API permissions granted to
    web store.

    [Mac only] [171569] Medium CVE-2013-0886: Incorrect NaCl signal
    handling. Credit to Mark Seaborn of the Chromium development community.

    [171065] [170836] Low CVE-2013-0887: Developer tools process has
    too many permissions and places too much trust in the connected server.

    [170666] Medium CVE-2013-0888: Out-of-bounds read in Skia. Credit
    to Google Chrome Security Team (Inferno).

    [170569] Low CVE-2013-0889: Tighten user gesture check for
    dangerous file downloads.

    [169973] [169966] High CVE-2013-0890: Memory safety issues across
    the IPC layer. Credit to Google Chrome Security Team (Chris Evans).

    [169685] High CVE-2013-0891: Integer overflow in blob handling.
    Credit to Google Chrome Security Team (Jüri Aedla).

    [169295] [168710] [166493] [165836] [165747] [164958] [164946]
    Medium CVE-2013-0892: Lower severity issues across the IPC layer.
    Credit to Google Chrome Security Team (Chris Evans).

    [168570] Medium CVE-2013-0893: Race condition in media handling.
    Credit to Andrew Scherkus of the Chromium development community.

    [168473] High CVE-2013-0894: Buffer overflow in vorbis decoding.
    Credit to Google Chrome Security Team (Inferno).

    [Linux / Mac] [167840] High CVE-2013-0895: Incorrect path handling
    in file copying. Credit to Google Chrome Security Team (Jüri Aedla).

    [166708] High CVE-2013-0896: Memory management issues in plug-in
    message handling. Credit to Google Chrome Security Team (Cris Neckar).

    [165537] Low CVE-2013-0897: Off-by-one read in PDF. Credit to
    Mateusz Jurczyk, with contributions by Gynvael Coldwind, both from
    Google Security Team.

    [164643] High CVE-2013-0898: Use-after-free in URL handling. Credit
    to Alexander Potapenko of the Chromium development community.

    [160480] Low CVE-2013-0899: Integer overflow in Opus handling.
    Credit to Google Chrome Security Team (Jüri Aedla).

    [152442] Medium CVE-2013-0900: Race condition in ICU. Credit to
    Google Chrome Security Team (Inferno).

We’ve also resolved a high severity security issue by disabling MathML
in this release. The WebKit MathML implementation isn’t quite ready for
prime time yet but we are excited to enable it again in a future
release once the security issues have been addressed.

Many of the above bugs were detected using AddressSanitizer.

We’d also like to thank Christian Holler, miaubiz and Atte Kettunen for
working with us during the development cycle and preventing security
regressions from ever reaching the stable channel. Rewards were issued.

A full list of changes in this build is available in the SVN revision
log. Interested in switching release channels? Find out how. If you
find a new issue, please let us know by filing a bug.


Jason Kersey
Google Chrome


======================================================================

=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================
