Chrome Releases
Release updates from the Chrome team
Stable Channel Update
Thursday, January 10, 2013
The Chrome team is excited to announce the promotion of Chrome 24 to the stable channel. Chrome 24.0.1312.52 has been updated for Windows, Mac, Linux, and Chrome Frame.
This is the first Stable release with
support for MathML
, thanks to WebKit volunteer
Dave Barton
. This release also contains an
update to Flash
(11.5.31.137) as well as improvements in speed and stability. You can find out more about Chrome 24 on the
Official Chrome Blog
and the
Official Chromium Blog
.
Security fixes and rewards:
Please see
the Chromium security page
for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
[$
1000
] [
162494
]
High
CVE-2012-5145: Use-after-free in SVG layout.
Credit to Atte Kettunen of OUSPG.
[$
4000
] [
165622
]
High
CVE-2012-5146: Same origin policy bypass with malformed URL.
Credit to Erling A Ellingsen and Subodh Iyengar, both of Facebook.
[$
1000
] [
165864
]
High
CVE-2012-5147: Use-after-free in DOM handling.
Credit to José A. Vázquez.
[
167122
]
Medium
CVE-2012-5148: Missing filename sanitization in hyphenation support.
Credit to Google Chrome Security Team (Justin Schuh).
[
166795
]
High
CVE-2012-5149: Integer overflow in audio IPC handling.
Credit to Google Chrome Security Team (Chris Evans).
[
165601
]
High
CVE-2012-5150: Use-after-free when seeking video.
Credit to Google Chrome Security Team (Inferno).
[
165538
]
High
CVE-2012-5151: Integer overflow in PDF JavaScript.
Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.
[
165430
]
Medium
CVE-2012-5152: Out-of-bounds read when seeking video.
Credit to Google Chrome Security Team (Inferno).
[
164565
]
High
CVE-2012-5153: Out-of-bounds stack access in v8.
Credit to Andreas Rossberg of the Chromium development community.
[Windows only] [
164490
]
Low
CVE-2012-5154: Integer overflow in shared memory allocation.
Credit to Google Chrome Security Team (Chris Evans).
[Mac only] [
163208
]
Medium
CVE-2012-5155: Missing Mac sandbox for worker processes.
Credit to Google Chrome Security Team (Julien Tinnes).
[
162778
]
High
CVE-2012-5156: Use-after-free in PDF fields.
Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.
[
162776
] [
162156
]
Medium
CVE-2012-5157: Out-of-bounds reads in PDF image handling.
Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.
[
162153
]
High
CVE-2013-0828: Bad cast in PDF root handling.
Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.
[
162114
]
High
CVE-2013-0829: Corruption of database metadata leading to incorrect file access.
Credit to Google Chrome Security Team (Jüri Aedla).
[Windows only] [
162066
] Low CVE-2013-0830: Missing NUL termination in IPC.
Credit to Google Chrome Security Team (Justin Schuh).
[
161836
]
Low
CVE-2013-0831: Possible path traversal from extension process.
Credit to Google Chrome Security Team (Tom Sepez).
[
160380
]
Medium
CVE-2013-0832: Use-after-free with printing.
Credit to Google Chrome Security Team (Cris Neckar).
[
154485
]
Medium
CVE-2013-0833: Out-of-bounds read with printing.
Credit to Google Chrome Security Team (Cris Neckar).
[
154283
]
Medium
CVE-2013-0834: Out-of-bounds read with glyph handling.
Credit to Google Chrome Security Team (Cris Neckar).
[
152921
]
Low
CVE-2013-0835: Browser crash with geolocation.
Credit to Arthur Gerkis.
[
150545
]
High
CVE-2013-0836: Crash in v8 garbage collection.
Credit to Google Chrome Security Team (Cris Neckar).
[
145363
]
Medium
CVE-2013-0837: Crash in extension tab handling.
Credit to Tom Nielsen.
[Linux only] [
143859
]
Low
CVE-2013-0838: Tighten permissions on shared memory segments.
Credit to Google Chrome Security Team (Chris Palmer).
Many of the above bugs were detected using
AddressSanitizer
.
The security issues in V8 have been fixed in v8-3.14.5.3.
We’d also like to thank Atte Kettunen and Sławomir Błażek for working with us during the development cycle and preventing security regressions from ever reaching the stable channel. Rewards were issued.
Full details about what changes are in this build are available in the
SVN revision log
. Interested in switching release channels?
Find out how
. If you find a new issue, please let us know by
filing a bug
.
Dharani Govindan
Google Chrome
Labels
Admin Console
43
Android WebView
19
Beta
21
Beta update
4
Beta updates
2018
chrome
15
Chrome Dev for Android
129
Chrome for Android
946
Chrome for iOS
374
Chrome for Meetings
5
Chrome OS
1149
Chrome OS Flex
22
Chrome OS Management
12
Chromecast Update
6
ChromeOS
210
ChromeOS Flex
207
Desktop Update
1109
dev update
266
Dev updates
1506
Early Stable Updates
49
Extended Stable updates
127
Flash Player update
5
Flex
1
Hangouts Meet hardware
5
LTS
88
stable
11
Stable updates
1237
Archive
2024
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2023
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2022
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2021
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2020
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2019
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2018
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2017
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2016
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2015
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2014
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2013
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2012
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2011
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2010
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2009
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
2008
Dec
Nov
Oct
Sep
Give us feedback in our
Product Forums
.
