PDA

View Full Version : Google Chrome updates



AplusWebMaster
2011-08-03, 14:34
FYI...

Chrome v13.0.782.107 released
- http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
August 2, 2011

- http://secunia.com/advisories/45498/
Release Date: 2011-08-03
Criticality level: Highly critical
Impact: Unknown, Security Bypass, Exposure of system information, Exposure of sensitive information, System access
Where: From remote...
Solution: Upgrade to version 13.0.782.107

- http://h-online.com/-1317555
3 August 2011 - "... 14 of the 30 security vulnerabilities fixed by the update are rated as 'high-risk' and include multiple use-after-free errors, cross-origin bugs, and crashes related the built-in PDF viewer and the V8 JavaScript engine used by Chrome. Other holes closed include 9 medium-risk bugs and 7 low-risk issues..."

- http://www.securitytracker.com/id/1025882
Aug 3 2011
CVE Reference: CVE-2011-2358, CVE-2011-2359, CVE-2011-2360, CVE-2011-2361, CVE-2011-2782, CVE-2011-2783, CVE-2011-2784, CVE-2011-2785, CVE-2011-2786, CVE-2011-2787, CVE-2011-2788, CVE-2011-2789, CVE-2011-2790, CVE-2011-2791, CVE-2011-2792, CVE-2011-2793, CVE-2011-2794, CVE-2011-2795, CVE-2011-2796, CVE-2011-2797, CVE-2011-2798, CVE-2011-2799, CVE-2011-2800, CVE-2011-2801, CVE-2011-2802, CVE-2011-2803, CVE-2011-2804, CVE-2011-2805, CVE-2011-2818, CVE-2011-2819

:fear:

AplusWebMaster
2011-08-10, 15:12
FYI...

Google Chrome v13.0.782.112 released
- https://secunia.com/advisories/45529/
Release Date: 2011-08-10
Criticality level: Highly critical
Impact: Exposure of sensitive information, System access
Where: From remote
Solution Status: Vendor Patch
CVE Reference(s): CVE-2011-2130, CVE-2011-2134, CVE-2011-2135, CVE-2011-2136, CVE-2011-2137, CVE-2011-2138, CVE-2011-2139, CVE-2011-2140, CVE-2011-2414, CVE-2011-2415, CVE-2011-2416, CVE-2011-2417, CVE-2011-2425
... vulnerabilities are caused due to a bundled vulnerable version of Adobe Flash Player...
Solution: Update to version 13.0.782.112.
Original Advisory: Google:
http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_09.html

:fear:

AplusWebMaster
2011-08-23, 13:57
FYI...

Google Chrome v13.0.782.215 released
- https://secunia.com/advisories/45698/
Release Date: 2011-08-23
Criticality level: Highly critical
Impact: Unknown, Security Bypass, System access
Where: From remote
CVE Reference(s): CVE-2011-2806, CVE-2011-2821, CVE-2011-2822, CVE-2011-2823, CVE-2011-2824, CVE-2011-2825, CVE-2011-2826, CVE-2011-2827, CVE-2011-2828, CVE-2011-2829, CVE-2011-2839
Solution: Update to version 13.0.782.215.
Original Advisory:
http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html

> https://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95414

:fear:

AplusWebMaster
2011-08-30, 23:42
FYI...

- http://www.theregister.co.uk/2011/09/02/google_chrome_diginotar/
___

Google Chrome v13.0.782.218 released
- http://googlechromereleases.blogspot.com/search/label/Stable%20updates
August 30, 2011 - "The Stable channel has also been updated to 13.0.782.218 for Windows, Mac, Linux, and Chrome Frame. These releases contain an updated version of the Adobe Flash Player. We also disabled a certificate authority (CA)*..."
* http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html

:fear:

AplusWebMaster
2011-09-07, 01:00
FYI...

Chrome v13.0.782.220 released
- http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Saturday, September 3, 2011 - ""The Stable channel has been updated to 13.0.782.220 for Windows, Mac, Linux, and Chrome Frame.
We're revoking trust for SSL certificates issued by DigiNotar-controlled intermediate CAs used by the Dutch PKIoverheid program. For more details about the security issues see the Google Security Blog post about DigiNotar* and an update from Mozilla**, who is also moving to revoke trust in these certificates..."
* http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html
Update Sept 3

** http://blog.mozilla.com/security/2011/09/02/diginotar-removal-follow-up

:fear:

AplusWebMaster
2011-09-18, 20:48
FYI...

Chrome v14.0.835.163 released
- http://googlechromereleases.blogspot.com/search/label/Stable%20updates
September 16, 2011 - "The Chrome Stable channel has been updated to 14.0.835.163 for all platforms. This release contains... security fixes...
CVE-2011-2834, CVE-2011-2835, CVE-2011-2836, CVE-2011-2837, CVE-2011-2838, CVE-2011-2839, CVE-2011-2840, CVE-2011-2841, CVE-2011-2842, CVE-2011-2843, CVE-2011-2844, CVE-2011-2846, CVE-2011-2847, CVE-2011-2848, CVE-2011-2849, CVE-2011-2850, CVE-2011-2851, CVE-2011-2852, CVE-2011-2853, CVE-2011-2854, CVE-2011-2855, CVE-2011-2856, CVE-2011-2857, CVE-2011-2859, CVE-2011-2860, CVE-2011-2861, CVE-2011-2862, CVE-2011-2864, CVE-2011-2874, CVE-2011-2875, CVE-2011-3234..."

- https://secunia.com/advisories/46049/
Release Date: 2011-09-19
Criticality level: Highly critical
Impact: Unknown, Security Bypass, Spoofing, Exposure of sensitive information, System access
Where: From remote...
Solution: Upgrade to version 14.0.835.163.

- https://www.us-cert.gov/current/#google_releases_chrome_14_0
September 19, 2011

:fear:

AplusWebMaster
2011-09-21, 15:13
FYI...

Chrome v14.0.835.186 released
- https://secunia.com/advisories/46102/
Release Date: 2011-09-21
Criticality level: Highly critical
Impact: Cross Site Scripting, System access
Where: From remote
... vulnerabilities are caused due to a bundled vulnerable version of Adobe Flash Player...
Solution: Update to version 14.0.835.186.
Original Advisory:
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_20.html
... includes an update to Flash Player that addresses a zero-day vulnerability...
... Release highlights:
Pepper flash: update to 10.3.200.107
Crash fixes...

:fear:

AplusWebMaster
2011-10-02, 18:03
FYI...

Chrome v14.0.835.187 released
- http://googlechromereleases.blogspot.com/search/label/Stable%20updates
October 1, 2011 - "The Chrome Stable channel has been updated to 14.0.835.187, and the Beta channel has been updated to 15.0.874.58. These updates should help repair Chrome installs that were broken due to the issue with Microsoft Security Essentials, discussed on the Chrome Blog*..."
* http://chrome.blogspot.com/2011/09/problems-with-microsoft-security.html

:fear:

AplusWebMaster
2011-10-05, 13:50
FYI...

Chrome v14.0.835.202 released
- https://secunia.com/advisories/46308/
Release Date: 2011-10-05
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote ...
Solution: Update to 14.0.835.202.

- http://googlechromereleases.blogspot.com/search/label/Stable%20updates
October 4, 2011 - "The Stable channel has been updated to 14.0.835.202 for Windows, Mac, Linux, and Chrome Frame. This release contains Adobe Flash Player 11, along with the stability and security fixes..."

- http://www.securitytracker.com/id/1026137
CVE Reference: CVE-2011-2876, CVE-2011-2877, CVE-2011-2878, CVE-2011-2879, CVE-2011-2880, CVE-2011-2881, CVE-2011-3873
Oct 4 2011
Impact: Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Version(s): prior to 14.0.835.202

:fear:

AplusWebMaster
2011-10-26, 16:21
FYI...

Google Chrome v15.0.874.102 released
- https://secunia.com/advisories/46594/
Release Date: 2011-10-26
Criticality level: Highly critical
Impact: Unknown, Security Bypass, Cross Site Scripting, Spoofing, System access
Where: From remote ...
Solution: Upgrade to version 15.0.874.102...
Original Advisory: Google:
http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html

- http://www.securitytracker.com/id/1026242
CVE Reference: CVE-2011-2845, CVE-2011-3875, CVE-2011-3876, CVE-2011-3877, CVE-2011-3878, CVE-2011-3879, CVE-2011-3880, CVE-2011-3881, CVE-2011-3882, CVE-2011-3883, CVE-2011-3884, CVE-2011-3885, CVE-2011-3886, CVE-2011-3887, CVE-2011-3888, CVE-2011-3889, CVE-2011-3890, CVE-2011-3891
Date: Oct 26 2011
Version(s): prior to 15.0.874.102 ...

- https://www.us-cert.gov/current/#google_releases_chrome_15_0
October 25, 2011 - "... vulnerabilities may allow an attacker to execute arbitrary code... update to Chrome 15.0.874.102..."

:fear::fear:

AplusWebMaster
2011-11-11, 05:21
FYI...

Chrome v15.0.874.120 released
- http://googlechromereleases.blogspot.com/search/label/Stable%20updates
November 10, 2011 - "The Stable channel has been updated to 15.0.874.120 for Windows, Mac, Linux and Chrome Frame platforms... This new build also contains a new version of Flash* which contains security fixes..."
* http://forums.spybot.info/showpost.php?p=415820&postcount=52
___

- https://secunia.com/advisories/46815/
Release Date: 2011-11-11
Criticality level: Highly critical
Impact: System access
Where: From remote...
Solution: Update to version 15.0.874.120.

- http://www.securitytracker.com/id/1026313
CVE Reference: CVE-2011-3892, CVE-2011-3893, CVE-2011-3894, CVE-2011-3895, CVE-2011-3896, CVE-2011-3897, CVE-2011-3898
Date: Nov 11 2011
Impact: Execution of arbitrary code via network, User access via network
Version(s): prior to 15.0.874.120 ...
Solution: The vendor has issued a fix (15.0.874.120)...

:fear:

AplusWebMaster
2011-11-17, 15:05
FYI...

Chrome v15.0.874.121 released
- https://secunia.com/advisories/46889/
Release Date: 2011-11-17
Criticality level: Highly critical
Impact: System access
Where: From remote ...
CVE Reference: CVE-2011-3900
... exploitation may allow execution of arbitrary code.
Solution: Update to version 15.0.874.121...

- http://googlechromereleases.blogspot.com/search/label/Stable%20updates
November 16, 2011 - "... contains the fix to a regression..."

:fear:

AplusWebMaster
2011-11-28, 20:18
FYI...

... Stable Channel Update for Chromebooks
- http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Chromebooks v16.0.912.44 - Beta Channel Update
- http://googlechromereleases.blogspot.com/search/label/Chrome%20OS
November 22, 2011 - "... Chrome 16 on the Beta Channel for Chromebooks (Acer AC700, Samsung Series 5, and Cr-48).
Chrome version 16.0.912.44 (Platform version: 1193.65.0) ...
Numerous stability & security fixes..."

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4548
Last revised: 11/24/2011
Overview: Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.44 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
CVSS v2 Base Score: 10.0 (HIGH) ...

:fear:

AplusWebMaster
2011-12-14, 13:33
FYI...

Chrome v16.0.912.63 released
- https://secunia.com/advisories/47231/
Release Date: 2011-12-14
Criticality level: Highly critical
Impact: Spoofing, Exposure of sensitive information, System access
Where: From remote
Solution: Upgrade to version 16.0.912.63.
Original Advisory: Google:
http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html
December 13, 2011

- http://h-online.com/-1394757
14 December 2011 - "... The update also closes a total of 15 security holes, six of which are rated as "high severity" by Google..."

- http://chrome.blogspot.com/2011/11/take-your-chrome-stuff-with-you-in-new.html
"... we’ve added a new feature that lets people who use a shared computer each have their own personalized Chrome, and lets them each sign in to Chrome to sync their stuff... To try it out, go to Options (Preferences on Mac), click Personal Stuff, and click "Add new user." A fresh instance of Chrome will open, ready to be customized with its own set of apps, bookmarks, extensions, and other settings. A badge in the upper corner lets you know at a glance that this new Chrome browser belongs to you, and you can customize the name and badge as you like. Clicking this badge drops down a menu of all the users on that computer, so you can easily switch between them. In addition, each user can sign in to Chrome to access their own personalized Chrome across all their computers. One thing to keep in mind is that this feature isn’t intended to secure your data against other people using your computer, since all it takes is a couple of clicks to switch between users. We want to provide this functionality as a quick and simple user interface convenience for people who are already sharing Chrome on the same computer..."

:fear:

AplusWebMaster
2012-01-06, 15:08
FYI...

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0695
Last revised: 01/13/2012
CVSS v2 Base Score: 10.0 (HIGH)
"... Google Chrome -before- 17.0.963.27 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors..."
- http://googlechromereleases.blogspot.com/2012/01/beta-channel-update-for-chromebooks.html
___

Google Chrome v16.0.912.75 released
- https://secunia.com/advisories/47449/
Release Date: 2012-01-06
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference(s):
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3919
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3921
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3922
Solution: Update to version 16.0.912.75.
Original Advisory:
http://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html

- http://www.securitytracker.com/id/1026487
Date: Jan 6 2012
Impact: Execution of arbitrary code via network, User access via network
Version(s): prior to 16.0.912.75

:fear:

AplusWebMaster
2012-01-24, 11:34
FYI...

Chrome v16.0.912.77 released
- https://secunia.com/advisories/47694/
Release Date: 2012-01-24
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference(s): CVE-2011-3924, CVE-2011-3926, CVE-2011-3927, CVE-2011-3928
Solution: Update to version 16.0.912.77.
Original Advisory:
http://googlechromereleases.blogspot.com/2012/01/stable-channel-update_23.html

- http://www.securitytracker.com/id/1026569
Jan 24 2012
Version: prior to 16.0.912.77
"... A remote user can cause arbitrary code to be executed on the target user's system..."

:fear:

AplusWebMaster
2012-02-09, 14:26
FYI...

Chrome v17.0.963.46 released
- https://secunia.com/advisories/47938/
Release Date: 2012-02-09
Criticality level: Highly critical
Impact: Unknown, Security Bypass, Manipulation of data, System access
Where: From remote
CVE Reference(s):
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3953 - 7.5 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3954 - 5.0
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3955 - 7.5 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3956 - 5.0
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3957 - 7.5 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3958 - 6.8
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3959 - 7.5 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3960 - 5.0
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3961 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3962 - 5.0
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3963 - 5.0
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3964 - 5.0
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3965 - 5.0
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3966 - 7.5 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3967 - 5.0
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3968 - 7.5 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3969 - 7.5 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3970 - 5.0
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3971 - 6.8
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3972 - 5.0
Solution: Upgrade to version 17.0.963.46.
Original Advisory:
http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html

- http://www.securitytracker.com/id/1026654
Date: Feb 9 2012
CVE Reference: CVE-2011-3953, CVE-2011-3954, CVE-2011-3955, CVE-2011-3956, CVE-2011-3957, CVE-2011-3958, CVE-2011-3959, CVE-2011-3960, CVE-2011-3961, CVE-2011-3962, CVE-2011-3963, CVE-2011-3964, CVE-2011-3965, CVE-2011-3966, CVE-2011-3967, CVE-2011-3968, CVE-2011-3969, CVE-2011-3970, CVE-2011-3971, CVE-2011-3972
Impact: Execution of arbitrary code via network, User access via network
Version(s): prior to 17.0.963.46
Solution: The vendor has issued a fix (17.0.963.46).
The vendor's advisory is available at:
http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html

:fear::fear:

AplusWebMaster
2012-02-16, 15:24
FYI...

Chrome v17.0.963.56 released
- https://secunia.com/advisories/48016/
Release Date: 2012-02-16
Criticality level: Highly critical
Impact: Unknown, System access
Where: From remote
CVE Reference(s): CVE-2011-3015, CVE-2011-3016, CVE-2011-3017, CVE-2011-3018, CVE-2011-3019, CVE-2011-3020, CVE-2011-3021, CVE-2011-3022, CVE-2011-3023, CVE-2011-3024, CVE-2011-3025, CVE-2011-3026, CVE-2011-3027
Solution: Update to version 17.0.963.56.
Original Advisory:
http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html
February 15, 2012 - "... 17.0.963.56... This release fixes a number of stability and security issues in Chrome, and also includes a new version of Flash..."

:fear:

AplusWebMaster
2012-03-05, 17:41
FYI...

Chrome v17.0.963.65 released
- https://secunia.com/advisories/48265/
Release Date: 2012-03-05
Criticality level: Highly critical
Impact: Unknown, Security Bypass, Cross Site Scripting, System access
Where: From remote
CVE Reference(s): CVE-2011-3031, CVE-2011-3032, CVE-2011-3033, CVE-2011-3034, CVE-2011-3035, CVE-2011-3036, CVE-2011-3037, CVE-2011-3038, CVE-2011-3039, CVE-2011-3040, CVE-2011-3041, CVE-2011-3042, CVE-2011-3043, CVE-2011-3044, CVE-2012-0751, CVE-2012-0752, CVE-2012-0753, CVE-2012-0754, CVE-2012-0755, CVE-2012-0756, CVE-2012-0767
... vulnerabilities have been reported in Google Chrome, where one has an unknown impact and others can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system.
Solution: Update to version 17.0.963.65.
Original Advisory:
http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html
March 4, 2012 - "... updated to 17.0.963.65 on Windows, Mac, Linux and Chrome Frame... the release contains an updated version of the Adobe Flash player*..."
___

* http://forums.spybot.info/showthread.php?p=422517#post422517

Google Patches 14 Chrome Bugs Ahead of Pwn2Own...
- https://threatpost.com/en_us/blogs/google-patches-14-chrome-bugs-ahead-pwn2own-pays-30k-special-rewards-030512
March 5, 2012 - "... two days before the annual Pwn2Own contest is set to begin..."
Google offers $1M in Chrome exploit rewards
- http://h-online.com/-1445284
29 Feb 2012

:fear::spider:

AplusWebMaster
2012-03-09, 14:38
FYI...

Chrome v17.0.963.78 released
- https://secunia.com/advisories/48321/
Release Date: 2012-03-09
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference: CVE-2011-3046
... vulnerabilities are reported in versions prior to 17.0.963.78.
Solution: Update to version 17.0.963.78.
Original Advisory:
http://googlechromereleases.blogspot.com/2012/03/chrome-stable-channel-update.html

- http://www.securitytracker.com/id/1026776
Date: Mar 9 2012
CVE Reference: CVE-2011-3046
Impact: Execution of arbitrary code via network, User access via network
___

- http://pwn2own.zerodayinitiative.com/rules.html
March 7-9, 2012... There will be 4 targets this year, the most popular browsers on the market:
Microsoft Internet Explorer, Apple Safari, Google Chrome, Mozilla Firefox
The targets will be running on the latest, fully patched version of either Windows 7 or Lion... the browsers will be eligible for all attacks (and subsequent points) throughout the contest...

:fear:

AplusWebMaster
2012-03-12, 14:59
FYI...

Chrome v17.0.963.79 released
- https://secunia.com/advisories/48375/
Release Date: 2012-03-12
Impact: System access
Where: From remote
CVE Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3047 - 7.5 (HIGH)
...vulnerabilities are reported in versions prior to 17.0.963.79.
Solution: Update to version 17.0.963.79.
Original Advisory:
http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update_10.html

:fear: