Comment 0 for bug 889711

Revision history for this message
Micah Gersten (micahg) wrote :

The Stable channel has been updated to 15.0.874.120 for Windows, Mac, Linux and Chrome Frame platforms

All

    Updated V8 - 3.5.10.23
    Fix small print sizing issues (issues: 102186, 82472, 102154)
    This new build also contains a new version of Flash which contains security fixes. (Release Notes)

Mac

    Fixed the "certificate is not yet valid" error for server certificate issued by a VeriSign intermediate CA. (issue 101555)

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

    [$500] [100465] High CVE-2011-3892: Double free in Theora decoder. Credit to Aki Helin of OUSPG.
    [$500] [100492] [100543] Medium CVE-2011-3893: Out of bounds reads in MKV and Vorbis media handlers. Credit to Aki Helin of OUSPG.
    [101172] High CVE-2011-3894: Memory corruption regression in VP8 decoding. Credit to Andrew Scherkus of the Chromium development community.
    [$1000] [101458] High CVE-2011-3895: Heap overflow in Vorbis decoder. Credit to Aki Helin of OUSPG.
    [101624] High CVE-2011-3896: Buffer overflow in shader variable mapping. Credit to Ken “strcpy” Russell of the Chromium development community.
    [102242] High CVE-2011-3897: Use-after-free in editing. Credit to pa_kt reported through ZDI (ZDI-CAN-1416).
    [102461] Low CVE-2011-3898: Failure to ask for permission to run applets in JRE7. Credit to Google Chrome Security Team (Chris Evans).