September 20, 2014

Chrome 24 released with new version of Flash and a $4000 bug fix

Chrome-logo-2011-03-16(LiveHacking.Com) –  Google has released Chrome 24  with support for MathML, a new version of Adobe Flash Player, fixes for various security issues in V8 (v8-3.14.5.3) and $6000 worth of High priority security fixes.

First, Adobe released a new version of Adobe Flash Player this week and Microsoft subsequently updated IE 10 to upgrade its built-in Flash Player. Google normally do the same thing and as expected Chrome 24 contains the latest Flash Player with the security fixes issued by Adobe.

Also, Google fixed some High priority security bugs. It paid security researchers over $6000 for their effort. Erling A Ellingsen and Subodh Iyengar, both of Facebook, got to share $4000 between them for a same origin policy bypass when using a malformed URL bug. The full list of rewards is:

  • [$1000] [162494] High CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of OUSPG.
  • [$4000] [165622] High CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to Erling A Ellingsen and Subodh Iyengar, both of Facebook.
  • [$1000] [165864] High CVE-2012-5147: Use-after-free in DOM handling. Credit to José A. Vázquez.

Google also fixed a number of other security related bugs which were found by Google’s Chrome Security Team:

  • [167122] Medium CVE-2012-5148: Missing filename sanitization in hyphenation support. Credit to Google Chrome Security Team (Justin Schuh).
  • [166795] High CVE-2012-5149: Integer overflow in audio IPC handling. Credit to Google Chrome Security Team (Chris Evans).
  • [165601] High CVE-2012-5150: Use-after-free when seeking video. Credit to Google Chrome Security Team (Inferno).
  • [165538] High CVE-2012-5151: Integer overflow in PDF JavaScript. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.
  • [165430] Medium CVE-2012-5152: Out-of-bounds read when seeking video. Credit to Google Chrome Security Team (Inferno).
  • [164565] High CVE-2012-5153: Out-of-bounds stack access in v8. Credit to Andreas Rossberg of the Chromium development community.
  • [Windows only] [164490] Low CVE-2012-5154: Integer overflow in shared memory allocation. Credit to Google Chrome Security Team (Chris Evans).
  • [Mac only] [163208] Medium CVE-2012-5155: Missing Mac sandbox for worker processes. Credit to Google Chrome Security Team (Julien Tinnes).
  • [162778] High CVE-2012-5156: Use-after-free in PDF fields. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.
  • [162776] [162156] Medium CVE-2012-5157: Out-of-bounds reads in PDF image handling. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.
  • [162153] High CVE-2013-0828: Bad cast in PDF root handling. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.
  • [162114] High CVE-2013-0829: Corruption of database metadata leading to incorrect file access. Credit to Google Chrome Security Team (Jüri Aedla).
  • [Windows only] [162066] Low CVE-2013-0830: Missing NUL termination in IPC. Credit to Google Chrome Security Team (Justin Schuh).
  • [161836] Low CVE-2013-0831: Possible path traversal from extension process. Credit to Google Chrome Security Team (Tom Sepez).
  • [160380] Medium CVE-2013-0832: Use-after-free with printing. Credit to Google Chrome Security Team (Cris Neckar).
  • [154485] Medium CVE-2013-0833: Out-of-bounds read with printing. Credit to Google Chrome Security Team (Cris Neckar).
  • [154283] Medium CVE-2013-0834: Out-of-bounds read with glyph handling. Credit to Google Chrome Security Team (Cris Neckar).
  • [152921] Low CVE-2013-0835: Browser crash with geolocation. Credit to Arthur Gerkis.
  • [150545] High CVE-2013-0836: Crash in v8 garbage collection. Credit to Google Chrome Security Team (Cris Neckar).
  • [145363] Medium CVE-2013-0837: Crash in extension tab handling. Credit to Tom Nielsen.
  • [Linux only] [143859] Low CVE-2013-0838: Tighten permissions on shared memory segments. Credit to Google Chrome Security Team (Chris Palmer).

 

Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks