Vous êtes ici: index » cert » avis


Par défaut, cette page vous affichera les derniers messages envoyés par le CERT RENATER à la communauté. Vous pouvez affiner par année ou par type de message. Si aucun critère n'est précisé, seuls les derniers messages sont affichés

Date : Mon, 19 Sep 2011 16:22:38 +0200
Type : VULN
Sujet : CERT-Renater : 2011/VULN567 (Google Chrome : Google Chrome Stable channel 14.0.835.163 fixes multiple vulnerabilities)

                        Note d'Information No. 2011/VULN567

DATE                 : 19/09/2011


OPERATING SYSTEM(S)  : Systems running
                         Google Chrome versions prior to 14.0.835.163.


Stable Channel Update

Friday, September 16, 2011 | 08:00

Labels: Stable updates

The Chrome Stable channel has been updated to 14.0.835.163 for all
platforms.  This release contains the following security fixes. More
details about high level features can be found on the Google Chrome

Security fixes and rewards:

Please see the Chromium security page for more detail. Note that the
referenced bugs may be kept private until a majority of our users are
up to date with the fix.

    [49377] High CVE-2011-2835: Race condition in the certificate
cache. Credit to Ryan Sleevi of the Chromium development community.
    [51464] Low CVE-2011-2836: Infobar the Windows Media Player plug-in
to avoid click-free access to the system Flash. Credit to electronixtar.
    [Linux only] [57908] Low CVE-2011-2837: Use PIC / pie compiler
flags. Credit to wbrana.
    [75070] Low CVE-2011-2838: Treat MIME type more authoritatively
when loading plug-ins. Credit to Michal Zalewski of the Google Security
    [76771] High CVE-2011-2839: Crash in v8 script object wrappers.
Credit to Kostya Serebryany of the Chromium development community.
    [78427] [83031] Low CVE-2011-2840: Possible URL bar spoofs with
unusual user interaction. Credit to kuzzcc.
    [$500] [78639] High CVE-2011-2841: Garbage collection error in PDF.
Credit to Mario Gomes.
    [Mac only] [80680] Low CVE-2011-2842: Insecure lock file handling in
the Mac installer. Credit to Aaron Sigel of vtty.com.
    [82438] Medium CVE-2011-2843: Out-of-bounds read with media buffers.
Credit to Kostya Serebryany of the Chromium development community.
    [85041] Medium CVE-2011-2844: Out-of-bounds read with mp3 files.
Credit to Mario Gomes.
    [$1000] [89219] High CVE-2011-2846: Use-after-free in unload event
handling. Credit to Arthur Gerkis.
    [$1000] [89330] High CVE-2011-2847: Use-after-free in document
loader. Credit to miaubiz.
    [$500] [89564] Medium CVE-2011-2848: URL bar spoof with forward
button. Credit to Jordi Chancel.
    [89795] Low CVE-2011-2849: Browser NULL pointer crash with
WebSockets. Credit to Arthur Gerkis.
    [$500] [89991] Medium CVE-2011-3234: Out-of-bounds read in box
handling. Credit to miaubiz.
    [90134] Medium CVE-2011-2850: Out-of-bounds read with Khmer
characters. Credit to miaubiz.
    [90173] Medium CVE-2011-2851: Out-of-bounds read in video handling.
Credit to Google Chrome Security Team (Inferno).
    [$500] [91120] High CVE-2011-2852: Off-by-one in v8. Credit to
Christian Holler.
    [91197] High CVE-2011-2853: Use-after-free in plug-in handling.
Credit to Google Chrome Security Team (SkyLined).
    [$1000] [92651] [94800] High CVE-2011-2854: Use-after-free in ruby
/ table style handing. Credit to Sławomir Błażek, and independent later
discoveries by miaubiz and Google Chrome Security Team (Inferno).
    [$1000] [92959] High CVE-2011-2855: Stale node in stylesheet
handling. Credit to Arthur Gerkis.
    [$2000] [93416] High CVE-2011-2856: Cross-origin bypass in v8.
Credit to Daniel Divricean.
    [$1000] [93420] High CVE-2011-2857: Use-after-free in focus
controller. Credit to miaubiz.
    [$1000] [93472] High CVE-2011-2834: Double free in libxml XPath
handling. Credit to Yang Dingning from NCNIPC, Graduate University of
Chinese Academy of Sciences.
    [93497] Medium CVE-2011-2859: Incorrect permissions assigned to
non-gallery pages. Credit to Bernhard ‘Bruhns’ Brehm of Recurity Labs.
    [$1000] [93587] High CVE-2011-2860: Use-after-free in table style
handling. Credit to miaubiz.
    [93596] Medium CVE-2011-2861: Bad string read in PDF. Credit to Aki
Helin of OUSPG.
    [$2337] [93906] High CVE-2011-2862: Unintended access to v8
built-in objects. Credit to Sergey Glazunov.
    [95563] Medium CVE-2011-2864: Out-of-bounds read with Tibetan
characters. Credit to Google Chrome Security Team (Inferno).
    [95625] Medium CVE-2011-2858: Out-of-bounds read with triangle
arrays. Credit to Google Chrome Security Team (Inferno).
    [95917] Low CVE-2011-2874: Failure to pin a self-signed cert for a
session. Credit to Nishant Yadant of VMware and Craig Chamberlain
    [$1000] [95920] High CVE-2011-2875: Type confusion in v8 object
sealing. Credit to Christian Holler.

In addition, we would like to thank “send.my.spam.to”, “Feiler89”,
miaubiz, The Microsoft Java Team / Microsoft Vulnerability Research
(MSVR), Chris Rohlf of Matasano, Chamal de Silva, Christian Holler,
“simon.sarris” and Alexey Proskuryakov of Apple for working with us in
the development cycle and preventing bugs from ever reaching the stable
channel. Various rewards were issued.

The full list of changes is available in the SVN revision log.
Interested in switching to another channel?  Find out how.  If you find
a new issue, please let us know by filing a bug.

Anthony Laforge
Google Chrome


          Les serveurs de référence du CERT-Renater
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +

[An attachment of type application/pkcs7-signature was included here]