November 25, 2014

Google releases Chrome 23 with some unique security bug fixes

(LiveHacking.Com) – Google has released Chrome 23 with some new features, such as the option to send a ‘do not track’ request to websites, as well as some interesting security fixes. A “normal” Chrome update includes a variety of bug fixes found by Google itself and by outside security researchers, who are rewarded (in cash) by Google for their efforts. This time, however, things are slightly different.

First of all, Google has issued a special reward to miaubiz for a bug that is not in Chrome itself; Google pays such rewards when the issue is very severe and/or Chrome is able to partially work around it. In this case it was a way to defend against wild writes in buggy graphics drivers on Mac OS X. miaubiz received $1000 for his efforts!

That work also led to another $1000 for miaubiz, for an integer bounds check issue in GPU command buffers, again affecting Mac OS X only.

Finally, there is an out-of-bounds array access bug in v8 found by Atte Kettunen of OUSPG. This particular bug affected Linux 64-bit systems only.

For the rest it was security bug squashing as normal:

  • [$3500] [157079] Medium CVE-2012-5127: Integer overflow leading to out-of-bounds read in WebP handling. Credit to Phil Turnbull.
  • [$1000] [143761] High CVE-2012-5116: Use-after-free in SVG filter handling. Credit to miaubiz.
  • [$1000] [154055] High CVE-2012-5121: Use-after-free in video layout. Credit to Atte Kettunen of OUSPG.
  • [145915] Low CVE-2012-5117: Inappropriate load of SVG subresource in img context. Credit to Felix Gröbert of the Google Security Team.
  • [149759] Medium CVE-2012-5119: Race condition in Pepper buffer handling. Credit to Fermin Serna of the Google Security Team.
  • [154465] Medium CVE-2012-5122: Bad cast in input handling. Credit to Google Chrome Security Team (Inferno).
  • [154590] [156826] Medium CVE-2012-5123: Out-of-bounds reads in Skia. Credit to Google Chrome Security Team (Inferno).
  • [155323] High CVE-2012-5124: Memory corruption in texture handling. Credit to Al Patrick of the Chromium development community.
  • [156051] Medium CVE-2012-5125: Use-after-free in extension tab handling. Credit to Alexander Potapenko of the Chromium development community.
  • [156366] Medium CVE-2012-5126: Use-after-free in plug-in placeholder handling. Credit to Google Chrome Security Team (Inferno).
  • [157124] High CVE-2012-5128: Bad write in v8. Credit to Google Chrome Security Team (Cris Neckar).

Adobe has also released a new version of its ubiquitous Flash Player to address vulnerabilities that could cause a crash and potentially be exploited by an attacker to infect a PC with malware; Chrome 23 bundles the updated version of Flash Player.