Google released a big stable channel update for Chrome: Chrome 20 (20.0.1132.43). Along with it come more than 20 security bug fixes, several of them with bounty rewards.
Many of the bugs, Google says, were detected using AddressSanitizer (ASan), its runtime memory-error detector.
Google lists them as follows:
- [118633] Low CVE-2012-2815: Leak of iframe fragment id. Credit to Elie Bursztein of Google.
- [Windows only] [119150] [119250] High CVE-2012-2816: Prevent sandboxed processes interfering with each other. Credit to Google Chrome Security Team (Justin Schuh).
- [$1000] [120222] High CVE-2012-2817: Use-after-free in table section handling. Credit to miaubiz.
- [$1000] [120944] High CVE-2012-2818: Use-after-free in counter layout. Credit to miaubiz.
- [120977] High CVE-2012-2819: Crash in texture handling. Credit to Ken “gets” Russell of the Chromium development community.
- [121926] Medium CVE-2012-2820: Out-of-bounds read in SVG filter handling. Credit to Atte Kettunen of OUSPG.
- [122925] Medium CVE-2012-2821: Autofill display problem. Credit to “simonbrown60”.
- [various] Medium CVE-2012-2822: Misc. lower severity OOB read issues in PDF. Credit to awesome ASAN and various Googlers (Kostya Serebryany, Evgeniy Stepanov, Mateusz Jurczyk, Gynvael Coldwind).
- [$1000] [124356] High CVE-2012-2823: Use-after-free in SVG resource handling. Credit to miaubiz.
- [$1000] [125374] High CVE-2012-2824: Use-after-free in SVG painting. Credit to miaubiz.
- [128688] Medium CVE-2012-2826: Out-of-bounds read in texture conversion. Credit to Google Chrome Security Team (Inferno).
- [Mac only] [129826] Low CVE-2012-2827: Use-after-free in Mac UI. Credit to the Chromium development community (Dharani Govindan).
- [129857] High CVE-2012-2828: Integer overflows in PDF. Credit to Mateusz Jurczyk of Google Security Team and Google Chrome Security Team (Chris Evans).
- [$1000] [129947] High CVE-2012-2829: Use-after-free in first-letter handling. Credit to miaubiz.
- [$1000] [129951] High CVE-2012-2830: Wild pointer in array value setting. Credit to miaubiz.
- [Windows only] [130276] Low CVE-2012-2764: Unqualified load of metro DLL. Credit to Moshe Zioni of Comsec Consulting.
- [$1000] [130356] High CVE-2012-2831: Use-after-free in SVG reference handling. Credit to miaubiz.
- [131553] High CVE-2012-2832: Uninitialized pointer in PDF image codec. Credit to Mateusz Jurczyk of Google Security Team.
- [132156] High CVE-2012-2833: Buffer overflow in PDF JS API. Credit to Mateusz Jurczyk of Google Security Team.
- [$1000] [132779] High CVE-2012-2834: Integer overflow in Matroska container. Credit to Jüri Aedla.
- [$500] [127417] Medium CVE-2012-2825: Wild read in XSL handling. Credit to Nicholas Gregoire.
- [64-bit Linux only] [$3000] [129930] High CVE-2012-2807: Integer overflows in libxml. Credit to Jüri Aedla.
Google notes that details of some of the bugs may be kept secret until everyone has a chance to update to the latest version.
We’re sure to get plenty more Chrome news today at Google I/O, as yesterday was primarily about Android. Google did, however, announce that Chrome for Android is now out of beta, and if you have a supported device, you can start using it.