Critical Vulnerability Fixed in Chrome 23
 
Contributed by: Email on 12/11/2012 04:18 PM 
 
It's Patch Tuesday, and not just for Microsoft and Adobe. Google also patched a number of security vulnerabilities in its Chrome browser today, including one critical flaw and three high-severity ones.
The most serious vulnerability that Google fixed in Chrome 23 is a crash in the browser's history navigation mechanism. That bug, which was discovered by Michal Zalewski of Google's internal security team, is the only critical vulnerability fixed in the newest version of Chrome. There are also three high-severity vulnerabilities repaired in this release, including two use-after-free bugs, both of which were discovered by Chamal de Silva.
Here's the full list of flaws fixed in Chrome 23.0.1271.97:
[$1500] [158204] High CVE-2012-5139: Use-after-free with visibility events. Credit to Chamal de Silva.
[$1000] [159429] High CVE-2012-5140: Use-after-free in URL loader. Credit to Chamal de Silva.
Medium CVE-2012-5141: Limit Chromoting client plug-in instantiation. Credit to Google Chrome Security Team (Jüri Aedla).
[160803] Critical CVE-2012-5142: Crash in history navigation. Credit to Michal Zalewski of Google Security Team.
[160926] Medium CVE-2012-5143: Integer overflow in PPAPI image buffers. Credit to Google Chrome Security Team (Cris Neckar).
[$2000] [161639] High CVE-2012-5144: Stack corruption in AAC decoding. Credit to pawlkt.
  







