The Google team has updated its Chrome web browser to version 23.0.1271.64 for Mac, Linux and Windows. Security fixes include patches for six high-severity vulnerabilities, six medium-severity bugs and one low-severity issue. Fourteen vulnerabilities were fixed overall (one is for Linux 64-bit only). For the issues affecting Macs, Google awarded $7,500 in cash to the security researchers who provided information about the security holes covered in this update.
Following are descriptions of the fixed bugs:
- CVE-2012-5115: Defend against wild writes in buggy graphics drivers
- CVE-2012-5127: Integer overflow leading to out-of-bounds read in WebP handling
- CVE-2012-5116: Use-after-free in SVG filter handling
- CVE-2012-5118: Integer bounds check issue in GPU command buffers
- CVE-2012-5121: Use-after-free in video layout
- CVE-2012-5117: Inappropriate load of SVG subresource in img context
- CVE-2012-5119: Race condition in Pepper buffer handling
- CVE-2012-5122: Bad cast in input handling
- CVE-2012-5123: Out-of-bounds reads in Skia
- CVE-2012-5124: Memory corruption in texture handling
- CVE-2012-5125: Use-after-free in extension tab handling
- CVE-2012-5126: Use-after-free in plug-in placeholder handling
- CVE-2012-5128: Bad write in v8
In addition to the aforementioned security updates, Chrome 23 enables users to “view and control any website’s permissions for capabilities such as geolocation, pop-ups, and camera/microphone access,” notes the Google Chrome Blog. This means that instead of digging through settings pages to find appropriate permissions, users can simply click on the page/lock icon next to a website’s address in the omnibox to see a list of permissions and tweak them as desired.
Moreover, the latest Google Chrome release includes an option to send a “do not track” (DNT) request to websites and web services. However, the Google team notes, “The effectiveness of such requests is dependent on how websites and services respond, so Google is working with others on a common way to respond to these requests in the future.” In other words, while the technology is there, stay tuned for more on that.
Google’s Chrome browser updates automatically, so users will get these security updates and more upon launching the software. If you don’t use Google Chrome, you can try it out by installing the newest version here.
Cross-posted: http://www.intego.com