This release contains the following security fixes.
Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
- [$1000] [Windows only] [72492] Medium CVE-2011-2822: URL parsing confusion on the command line. Credit to Vladimir Vorontsov, ONsec company.
- [82552] High CVE-2011-2823: Use-after-free in line box handling. Credit to Google Chrome Security Team (SkyLined) and independent later discovery by miaubiz.
- [$1000] [88216] High CVE-2011-2824: Use-after-free with counter nodes. Credit to miaubiz.
- [88670] High CVE-2011-2825: Use-after-free with custom fonts. Credit to wushi of team509 reported through ZDI (ZDI-CAN-1283), plus indepdendent later discovery by miaubiz.
- [$1000] [89402] High CVE-2011-2821: Double free in libxml XPath handling. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences.
- [$1000] [87453] High CVE-2011-2826: Cross-origin violation with empty origins. Credit to Sergey Glazunov.
- [$1337] [Windows only] [89836] Critical CVE-2011-2806: Memory corruption in vertex handing. Credit to Michael Braithwaite of Turbulenz Limited.
- [$1000] [90668] High CVE-2011-2827: Use-after-free in text searching. Credit to miaubiz.
- [91517] High CVE-2011-2828: Out-of-bounds write in v8. Credit to Google Chrome Security Team (SkyLined).
- [$1500] [32-bit only] [91598] High CVE-2011-2829: Integer overflow in uniform arrays. Credit to Sergey Glazunov.
- [$1000] [Linux only] [91665] High CVE-2011-2839: Buggy memset() in PDF. Credit to Aki Helin of OUSPG.
|
|
