Monday, March 4, 2013

[Gd] Stable Channel Update

| More

Chrome Releases: Stable Channel Update

The Stable channel has been updated to 25.0.1364.152 for Windows and Linux. Note: these release notes also apply to the same version for Mac that was released last Friday. This release contains security and stability improvements along with a number of bug fixes.

Security fixes and rewards:

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
  • [$1000] [176882] High CVE-2013-0902: Use-after-free in frame loader. Credit to Chamal de Silva.
  • [$1000] [176252] High CVE-2013-0903: Use-after-free in browser navigation handling. Credit to “chromium.khalil”.
  • [$2000] [172926] [172331] High CVE-2013-0904: Memory corruption in Web Audio. Credit to Atte Kettunen of OUSPG.
  • [$1000] [168982] High CVE-2013-0905: Use-after-free with SVG animations. Credit to Atte Kettunen of OUSPG.
  • [174895] High CVE-2013-0906: Memory corruption in Indexed DB. Credit to Google Chrome Security Team (Jüri Aedla).
  • [174150] Medium CVE-2013-0907: Race condition in media thread handling. Credit to Andrew Scherkus of the Chromium development community.
  • [174059] Medium CVE-2013-0908: Incorrect handling of bindings for extension processes.
  • [173906] Low CVE-2013-0909: Referer leakage with XSS Auditor. Credit to Egor Homakov.
  • [172573] Medium CVE-2013-0910: Mediate renderer -> browser plug-in loads more strictly. Credit to Google Chrome Security Team (Chris Evans).
  • [172264] High CVE-2013-0911: Possible path traversal in database handling. Credit to Google Chrome Security Team (Jüri Aedla).
Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Jason Kersey
Google Chrome

No comments: