Lucene search

K
chromeHttps://chromereleases.googleblog.comGCSA-4199879357461266177
HistoryMar 21, 2012 - 12:00 a.m.

Stable Channel Update

2012-03-2100:00:00
https://chromereleases.googleblog.com
chromereleases.googleblog.com
9

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.142

Percentile

95.7%

**The Chrome Stable channel has been updated to 17.0.963.83 on Windows, Mac, Linux and Chrome Frame. This release fixes issues with Flash games, along with the security fixes listed below.

Security fixes and rewards:

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

Some of the items listed below represent the start of hardening measures based on study of the exploits submitted to the Pwnium competition.
**

  • [$1000] [113902] High CVE-2011-3050: Use-after-free with first-letter handling. Credit to miaubiz.
  • [116162] High CVE-2011-3045: libpng integer issue from upstream. Credit to Glenn Randers-Pehrson of the libpng project.
  • [$1000] [116461] High CVE-2011-3051: Use-after-free in CSS cross-fade handling. Credit to Arthur Gerkis.
  • [116637] High CVE-2011-3052: Memory corruption in WebGL canvas handling. Credit to Ben Vanik of Google.
  • [$1000] [116746] High CVE-2011-3053: Use-after-free in block splitting. Credit to miaubiz.
  • [117418] Low CVE-2011-3054: Apply additional isolations to webui privileges. Credit to Sergey Glazunov.
  • [117736] Low CVE-2011-3055: Prompt in the browser native UI for unpacked extension installation. Credit to PinkiePie.
  • [$2000] [117550] High CVE-2011-3056: Cross-origin violation with "magic iframe". Credit to Sergey Glazunov.**
    Also, this single low severity issue was fixed in a previous patch but we forgot to issue proper credit:
    **

** * [108648] Low CVE-2011-3049: Extension web request API can interfere with system requests. Credit to Michael Gundlach.** **
More detailed updates are available on the Chrome Blog. Full details about what changes are in this release are available in the SVN revision log. Interested in hopping on the stable channel? Find out how. If you find a new issue, please let us know by filing a bug.

Jason Kersey
Google Chrome**

Affected configurations

Vulners
Node
googlechromeRange<17.0.963.83
CPENameOperatorVersion
google chromelt17.0.963.83

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.142

Percentile

95.7%