Google has released the first stable build of version 20 of its Chrome web browser. Google Chrome is available in three different channels: stable, beta and dev. Development versions are at an early stage of development and are therefore the least stable. Curiously, the changelog for this release lists only security updates, with nothing about new features. There are, however, a few small changes to the user interface, such as a slightly wider button for opening a new tab.
Stable Channel Update
The Google Chrome team is happy to announce the arrival of Chrome 20 (20.0.1132.43) to the Stable Channel for Windows, Mac, Linux, and Chrome Frame.
Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
- [118633] Low CVE-2012-2815: Leak of iframe fragment id.
- [Windows only] [119150] [119250] High CVE-2012-2816: Prevent sandboxed processes interfering with each other.
- [120222] High CVE-2012-2817: Use-after-free in table section handling.
- [120944] High CVE-2012-2818: Use-after-free in counter layout.
- [120977] High CVE-2012-2819: Crash in texture handling.
- [121926] Medium CVE-2012-2820: Out-of-bounds read in SVG filter handling.
- [122925] Medium CVE-2012-2821: Autofill display problem.
- [various] Medium CVE-2012-2822: Misc. lower severity OOB read issues in PDF.
- [124356] High CVE-2012-2823: Use-after-free in SVG resource handling.
- [125374] High CVE-2012-2824: Use-after-free in SVG painting.
- [128688] Medium CVE-2012-2826: Out-of-bounds read in texture conversion.
- [Mac only] [129826] Low CVE-2012-2827: Use-after-free in Mac UI.
- [129857] High CVE-2012-2828: Integer overflows in PDF.
- [129947] High CVE-2012-2829: Use-after-free in first-letter handling.
- [129951] High CVE-2012-2830: Wild pointer in array value setting.
- [Windows only] [130276] Low CVE-2012-2764: Unqualified load of metro DLL.
- [130356] High CVE-2012-2831: Use-after-free in SVG reference handling.
- [131553] High CVE-2012-2832: Uninitialized pointer in PDF image codec.
- [132156] High CVE-2012-2833: Buffer overflow in PDF JS API.
- [132779] High CVE-2012-2834: Integer overflow in Matroska container.
And some additional rewards for issues with a wider scope than Chrome:
- [127417] Medium CVE-2012-2825: Wild read in XSL handling.
- [64-bit Linux only] [$ 3000] [129930] High CVE-2012-2807: Integer overflows in libxml.
Many of the above bugs were detected using AddressSanitizer.