April 15, 2014

Google updates Chrome to fix Critical security vulnerability in audio device handling

(LiveHacking.Com) – Google has released Chrome 22.0.1229.92 to fix several security-related bugs, including a Critical security vulnerability in its audio device handling, and to update the built-in Adobe Flash Player. Google paid out over $4000 to Atte Kettunen of OUSPG for his help in finding the audio-related bug and a crash in Skia text rendering.

The security fixes are:

[$1000] [138208] High CVE-2012-2900: Crash in Skia text rendering. Credit to Atte Kettunen of OUSPG.
[$3133.7] [147499] Critical CVE-2012-5108: Race condition in audio device handling. Credit to Atte Kettunen of OUSPG.
[$500] [148692] Medium CVE-2012-5109: OOB read in ICU regex. Credit to Arthur Gerkis.
[151449] Medium CVE-2012-5110: Out-of-bounds read in compositor. Credit to Google Chrome Security Team (Inferno).
[151895] Low CVE-2012-5111: Plug-in crash monitoring was missing for Pepper plug-ins. Credit to Google Chrome Security Team (Chris Evans).

It is worth noting that Google keeps the referenced bugs private until a majority of Chrome users are up to date with the fixes.

Also included in Chrome 22.0.1229.92 is the latest version of the Adobe Flash Player, which was just updated to address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. The new versions in Chrome are 11.4.31.110 for Windows and Linux, and 11.4.402.287 for Macintosh.
