Chrome Releases
Release updates from the Chrome team
Stable Channel Update
Friday, September 16, 2011
The Chrome Stable channel has been updated to 14.0.835.163 for all platforms. This release contains the following security fixes. More details about high level features can be found on the
Google Chrome blog
.
Security fixes and rewards:
Please see
the Chromium security page
for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
[
49377
]
High
CVE-2011-2835: Race condition in the certificate cache.
Credit to Ryan Sleevi of the Chromium development community.
[
51464
]
Low
CVE-2011-2836: Infobar the Windows Media Player plug-in to avoid click-free access to the system Flash.
Credit to electronixtar.
[Linux only] [
57908
]
Low
CVE-2011-2837: Use PIC / pie compiler flags.
Credit to wbrana.
[
75070
]
Low
CVE-2011-2838: Treat MIME type more authoritatively when loading plug-ins.
Credit to Michal Zalewski of the Google Security Team.
[
76771
]
High
CVE-2011-2830: Crash in v8 script object wrappers.
Credit to Kostya Serebryany of the Chromium development community.
[
78427
] [
83031
]
Low
CVE-2011-2840: Possible URL bar spoofs with unusual user interaction.
Credit to kuzzcc.
[$
500
] [
78639
]
High
CVE-2011-2841: Garbage collection error in PDF.
Credit to Mario Gomes.
[Mac only] [
80680
]
Low
CVE-2011-2842: Insecure lock file handling in the Mac installer.
Credit to Aaron Sigel of vtty.com.
[
82438
]
Medium
CVE-2011-2843: Out-of-bounds read with media buffers.
Credit to Kostya Serebryany of the Chromium development community.
[
85041
]
Medium
CVE-2011-2844: Out-of-bounds read with mp3 files.
Credit to Mario Gomes.
[$
1000
] [
89219
]
High
CVE-2011-2846: Use-after-free in unload event handling.
Credit to Arthur Gerkis.
[$
1000
] [
89330
]
High
CVE-2011-2847: Use-after-free in document loader.
Credit to miaubiz.
[$
500
] [
89564
]
Medium
CVE-2011-2848: URL bar spoof with forward button.
Credit to Jordi Chancel.
[
89795
]
Low
CVE-2011-2849: Browser NULL pointer crash with WebSockets.
Credit to Arthur Gerkis.
[$
500
] [
89991
]
Medium
CVE-2011-3234: Out-of-bounds read in box handling.
Credit to miaubiz.
[
90134
]
Medium
CVE-2011-2850: Out-of-bounds read with Khmer characters.
Credit to miaubiz.
[
90173
]
Medium
CVE-2011-2851: Out-of-bounds read in video handling.
Credit to Google Chrome Security Team (Inferno).
[$
500
] [
91120
]
High
CVE-2011-2852: Off-by-one in v8.
Credit to Christian Holler.
[
91197
]
High
CVE-2011-2853: Use-after-free in plug-in handling.
Credit to Google Chrome Security Team (SkyLined).
[$
1000
] [
92651
] [
94800
]
High
CVE-2011-2854: Use-after-free in ruby / table style handing.
Credit to Sławomir Błażek, and independent later discoveries by miaubiz and Google Chrome Security Team (Inferno).
[$
1000
] [
92959
]
High
CVE-2011-2855: Stale node in stylesheet handling.
Credit to Arthur Gerkis.
[$
2000
] [
93416
]
High
CVE-2011-2856: Cross-origin bypass in v8.
Credit to Daniel Divricean.
[$
1000
] [
93420
]
High
CVE-2011-2857: Use-after-free in focus controller.
Credit to miaubiz.
[$
1000
] [
93472
]
High
CVE-2011-2834: Double free in libxml XPath handling.
Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences.
[
93497
]
Medium
CVE-2011-2859: Incorrect permissions assigned to non-gallery pages.
Credit to Bernhard ‘Bruhns’ Brehm of Recurity Labs.
[$
1000
] [
93587
]
High
CVE-2011-2860: Use-after-free in table style handling.
Credit to miaubiz.
[
93596
]
Medium
CVE-2011-2861: Bad string read in PDF.
Credit to Aki Helin of OUSPG.
[$
2
3
3
7
] [
93906
]
High
CVE-2011-2862: Unintended access to v8 built-in objects.
Credit to Sergey Glazunov.
[
95563
]
Medium
CVE-2011-2864: Out-of-bounds read with Tibetan characters.
Credit to Google Chrome Security Team (Inferno).
[
95625
]
Medium
CVE-2011-2858: Out-of-bounds read with triangle arrays.
Credit to Google Chrome Security Team (Inferno).
[
95917
]
Low
CVE-2011-2874: Failure to pin a self-signed cert for a session.
Credit to Nishant Yadant of VMware and Craig Chamberlain (@randomuserid).
[$
1000
] [
95920
]
High
CVE-2011-2875: Type confusion in v8 object sealing.
Credit to Christian Holler.
In addition, we would like to thank “send.my.spam.to”, “Feiler89”, miaubiz, The Microsoft Java Team / Microsoft Vulnerability Research (MSVR), Chris Rohlf of Matasano, Chamal de Silva, Christian Holler, “simon.sarris” and Alexey Proskuryakov of Apple for working with us in the development cycle and preventing bugs from ever reaching the stable channel. Various rewards were issued.
The full list of changes is available in the
SVN revision log
.
Interested in switching to another channel?
Find out how
. If you find a new issue, please let us know by
filing a bug
.
Anthony Laforge
Google Chrome
Labels
Admin Console
43
Android WebView
19
Beta
21
Beta update
4
Beta updates
2024
chrome
15
Chrome Dev for Android
130
Chrome for Android
951
Chrome for iOS
381
Chrome for Meetings
5
Chrome OS
1149
Chrome OS Flex
22
Chrome OS Management
12
Chromecast Update
6
ChromeOS
211
ChromeOS Flex
208
Desktop Update
1117
dev update
266
Dev updates
1508
Early Stable Updates
49
Extended Stable updates
130
Flash Player update
5
Flex
1
Hangouts Meet hardware
5
LTS
88
stable
11
Stable updates
1247
Archive
2024
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2023
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2022
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2021
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2020
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2019
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2018
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2017
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2016
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2015
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2014
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2013
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2012
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2011
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2010
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2009
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2008
Dec
Nov
Oct
Sep
Give us feedback in our
Product Forums
.