October 20, 2014

Google updates Chrome to fix a Critical vulnerability and update Flash

(LiveHacking.Com) – Google has released a new version of Chrome for Windows, Mac and Linux. Chrome 23.0.1271.97 fixes several non-security-related bugs along with at least one Critical-level security vulnerability. The new version also includes an updated version of Flash following Adobe’s security update.

The Critical-level bug is a crash in the history navigation. It was found by Michal Zalewski of the Google Security Team. The other security-related bugs, along with the rewards Google paid to the reporters under the Chromium security rewards scheme, are:

  • [$1500] [158204] High CVE-2012-5139: Use-after-free with visibility events. Credit to Chamal de Silva.
  • [$1000] [159429] High CVE-2012-5140: Use-after-free in URL loader. Credit to Chamal de Silva.
  • [160456] Medium CVE-2012-5141: Limit Chromoting client plug-in instantiation. Credit to Google Chrome Security Team (Jüri Aedla).
  • [160926] Medium CVE-2012-5143: Integer overflow in PPAPI image buffers. Credit to Google Chrome Security Team (Cris Neckar).
  • [$2000] [161639] High CVE-2012-5144: Stack corruption in AAC decoding. Credit to pawlkt.

The new version also fixes the following non-security-related bugs:

  • Some texts in a Website Settings popup are trimmed (Issue: 159156)
  • Linux: <input> selection renders white text on white bg in apps (Issue: 158422)
  • Some plugins stopped working (Issue: 159896)
  • Windows 8: Unable to launch system level chrome after self destructing user-level chrome (Issue: 158632)