Google Chrome v13.0.782.215 released
FYI...
Google Chrome v13.0.782.215 released
- https://secunia.com/advisories/45698/
Release Date: 2011-08-23
Criticality level: Highly critical
Impact: Unknown, Security Bypass, System access
Where: From remote
CVE Reference(s): CVE-2011-2806, CVE-2011-2821, CVE-2011-2822, CVE-2011-2823, CVE-2011-2824, CVE-2011-2825, CVE-2011-2826, CVE-2011-2827, CVE-2011-2828, CVE-2011-2829, CVE-2011-2839
Solution: Update to version 13.0.782.215.
Original Advisory:
http://googlechromereleases.blogspot...update_22.html
> https://www.google.com/support/chrom...n&answer=95414
:fear:
Google Chrome v13.0.782.218 released
FYI...
- http://www.theregister.co.uk/2011/09...ome_diginotar/
___
Google Chrome v13.0.782.218 released
- http://googlechromereleases.blogspot...able%20updates
August 30, 2011 - "The Stable channel has also been updated to 13.0.782.218 for Windows, Mac, Linux, and Chrome Frame. These releases contain an updated version of the Adobe Flash Player. We also disabled a certificate authority (CA)*..."
* http://googleonlinesecurity.blogspot...in-middle.html
:fear:
Chrome v13.0.782.220 released
FYI...
Chrome v13.0.782.220 released
- http://googlechromereleases.blogspot...able%20updates
Saturday, September 3, 2011 - ""The Stable channel has been updated to 13.0.782.220 for Windows, Mac, Linux, and Chrome Frame.
We're revoking trust for SSL certificates issued by DigiNotar-controlled intermediate CAs used by the Dutch PKIoverheid program. For more details about the security issues see the Google Security Blog post about DigiNotar* and an update from Mozilla**, who is also moving to revoke trust in these certificates..."
* http://googleonlinesecurity.blogspot...in-middle.html
Update Sept 3
** http://blog.mozilla.com/security/201...oval-follow-up
:fear:
Chrome v14.0.835.163 released
FYI...
Chrome v14.0.835.163 released
- http://googlechromereleases.blogspot...able%20updates
September 16, 2011 - "The Chrome Stable channel has been updated to 14.0.835.163 for all platforms. This release contains... security fixes...
CVE-2011-2834, CVE-2011-2835, CVE-2011-2836, CVE-2011-2837, CVE-2011-2838, CVE-2011-2839, CVE-2011-2840, CVE-2011-2841, CVE-2011-2842, CVE-2011-2843, CVE-2011-2844, CVE-2011-2846, CVE-2011-2847, CVE-2011-2848, CVE-2011-2849, CVE-2011-2850, CVE-2011-2851, CVE-2011-2852, CVE-2011-2853, CVE-2011-2854, CVE-2011-2855, CVE-2011-2856, CVE-2011-2857, CVE-2011-2859, CVE-2011-2860, CVE-2011-2861, CVE-2011-2862, CVE-2011-2864, CVE-2011-2874, CVE-2011-2875, CVE-2011-3234..."
- https://secunia.com/advisories/46049/
Release Date: 2011-09-19
Criticality level: Highly critical
Impact: Unknown, Security Bypass, Spoofing, Exposure of sensitive information, System access
Where: From remote...
Solution: Upgrade to version 14.0.835.163.
- https://www.us-cert.gov/current/#goo...es_chrome_14_0
September 19, 2011
:fear:
Chrome v14.0.835.186 released
FYI...
Chrome v14.0.835.186 released
- https://secunia.com/advisories/46102/
Release Date: 2011-09-21
Criticality level: Highly critical
Impact: Cross Site Scripting, System access
Where: From remote
... vulnerabilities are caused due to a bundled vulnerable version of Adobe Flash Player...
Solution: Update to version 14.0.835.186.
Original Advisory:
http://googlechromereleases.blogspot...update_20.html
... includes an update to Flash Player that addresses a zero-day vulnerability...
... Release highlights:
Pepper flash: update to 10.3.200.107
Crash fixes...
:fear:
Chrome v14.0.835.187 released
FYI...
Chrome v14.0.835.187 released
- http://googlechromereleases.blogspot...able%20updates
October 1, 2011 - "The Chrome Stable channel has been updated to 14.0.835.187, and the Beta channel has been updated to 15.0.874.58. These updates should help repair Chrome installs that were broken due to the issue with Microsoft Security Essentials, discussed on the Chrome Blog*..."
* http://chrome.blogspot.com/2011/09/p...-security.html
:fear:
Chrome v14.0.835.202 released
FYI...
Chrome v14.0.835.202 released
- https://secunia.com/advisories/46308/
Release Date: 2011-10-05
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote ...
Solution: Update to 14.0.835.202.
- http://googlechromereleases.blogspot...able%20updates
October 4, 2011 - "The Stable channel has been updated to 14.0.835.202 for Windows, Mac, Linux, and Chrome Frame. This release contains Adobe Flash Player 11, along with the stability and security fixes..."
- http://www.securitytracker.com/id/1026137
CVE Reference: CVE-2011-2876, CVE-2011-2877, CVE-2011-2878, CVE-2011-2879, CVE-2011-2880, CVE-2011-2881, CVE-2011-3873
Oct 4 2011
Impact: Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Version(s): prior to 14.0.835.202
:fear:
Chrome v15.0.874.102 released
FYI...
Google Chrome v15.0.874.102 released
- https://secunia.com/advisories/46594/
Release Date: 2011-10-26
Criticality level: Highly critical
Impact: Unknown, Security Bypass, Cross Site Scripting, Spoofing, System access
Where: From remote ...
Solution: Upgrade to version 15.0.874.102...
Original Advisory: Google:
http://googlechromereleases.blogspot...e-release.html
- http://www.securitytracker.com/id/1026242
CVE Reference: CVE-2011-2845, CVE-2011-3875, CVE-2011-3876, CVE-2011-3877, CVE-2011-3878, CVE-2011-3879, CVE-2011-3880, CVE-2011-3881, CVE-2011-3882, CVE-2011-3883, CVE-2011-3884, CVE-2011-3885, CVE-2011-3886, CVE-2011-3887, CVE-2011-3888, CVE-2011-3889, CVE-2011-3890, CVE-2011-3891
Date: Oct 26 2011
Version(s): prior to 15.0.874.102 ...
- https://www.us-cert.gov/current/#goo...es_chrome_15_0
October 25, 2011 - "... vulnerabilities may allow an attacker to execute arbitrary code... update to Chrome 15.0.874.102..."
:fear::fear:
Chrome v15.0.874.120 released
FYI...
Chrome v15.0.874.120 released
- http://googlechromereleases.blogspot...able%20updates
November 10, 2011 - "The Stable channel has been updated to 15.0.874.120 for Windows, Mac, Linux and Chrome Frame platforms... This new build also contains a new version of Flash* which contains security fixes..."
* http://forums.spybot.info/showpost.p...0&postcount=52
___
- https://secunia.com/advisories/46815/
Release Date: 2011-11-11
Criticality level: Highly critical
Impact: System access
Where: From remote...
Solution: Update to version 15.0.874.120.
- http://www.securitytracker.com/id/1026313
CVE Reference: CVE-2011-3892, CVE-2011-3893, CVE-2011-3894, CVE-2011-3895, CVE-2011-3896, CVE-2011-3897, CVE-2011-3898
Date: Nov 11 2011
Impact: Execution of arbitrary code via network, User access via network
Version(s): prior to 15.0.874.120 ...
Solution: The vendor has issued a fix (15.0.874.120)...
:fear:
Chrome v15.0.874.121 released
FYI...
Chrome v15.0.874.121 released
- https://secunia.com/advisories/46889/
Release Date: 2011-11-17
Criticality level: Highly critical
Impact: System access
Where: From remote ...
CVE Reference: CVE-2011-3900
... exploitation may allow execution of arbitrary code.
Solution: Update to version 15.0.874.121...
- http://googlechromereleases.blogspot...able%20updates
November 16, 2011 - "... contains the fix to a regression..."
:fear:
Chromebooks v16.0.912.44 - Beta Channel Update...
FYI...
... Stable Channel Update for Chromebooks
- http://googlechromereleases.blogspot...able%20updates
Chromebooks v16.0.912.44 - Beta Channel Update
- http://googlechromereleases.blogspot...el/Chrome%20OS
November 22, 2011 - "... Chrome 16 on the Beta Channel for Chromebooks (Acer AC700, Samsung Series 5, and Cr-48).
Chrome version 16.0.912.44 (Platform version: 1193.65.0) ...
Numerous stability & security fixes..."
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-4548
Last revised: 11/24/2011
Overview: Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.44 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
CVSS v2 Base Score: 10.0 (HIGH) ...
:fear:
Chrome v16.0.912.63 released
FYI...
Chrome v16.0.912.63 released
- https://secunia.com/advisories/47231/
Release Date: 2011-12-14
Criticality level: Highly critical
Impact: Spoofing, Exposure of sensitive information, System access
Where: From remote
Solution: Upgrade to version 16.0.912.63.
Original Advisory: Google:
http://googlechromereleases.blogspot...el-update.html
December 13, 2011
- http://h-online.com/-1394757
14 December 2011 - "... The update also closes a total of 15 security holes, six of which are rated as "high severity" by Google..."
- http://chrome.blogspot.com/2011/11/t...ou-in-new.html
"... we’ve added a new feature that lets people who use a shared computer each have their own personalized Chrome, and lets them each sign in to Chrome to sync their stuff... To try it out, go to Options (Preferences on Mac), click Personal Stuff, and click "Add new user." A fresh instance of Chrome will open, ready to be customized with its own set of apps, bookmarks, extensions, and other settings. A badge in the upper corner lets you know at a glance that this new Chrome browser belongs to you, and you can customize the name and badge as you like. Clicking this badge drops down a menu of all the users on that computer, so you can easily switch between them. In addition, each user can sign in to Chrome to access their own personalized Chrome across all their computers. One thing to keep in mind is that this feature isn’t intended to secure your data against other people using your computer, since all it takes is a couple of clicks to switch between users. We want to provide this functionality as a quick and simple user interface convenience for people who are already sharing Chrome on the same computer..."
:fear:
Chrome v16.0.912.75 released
FYI...
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0695
Last revised: 01/13/2012
CVSS v2 Base Score: 10.0 (HIGH)
"... Google Chrome -before- 17.0.963.27 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors..."
- http://googlechromereleases.blogspot...romebooks.html
___
Google Chrome v16.0.912.75 released
- https://secunia.com/advisories/47449/
Release Date: 2012-01-06
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference(s):
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3919
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3921
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3922
Solution: Update to version 16.0.912.75.
Original Advisory:
http://googlechromereleases.blogspot...el-update.html
- http://www.securitytracker.com/id/1026487
Date: Jan 6 2012
Impact: Execution of arbitrary code via network, User access via network
Version(s): prior to 16.0.912.75
:fear:
Chrome v16.0.912.77 released
FYI...
Chrome v16.0.912.77 released
- https://secunia.com/advisories/47694/
Release Date: 2012-01-24
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference(s): CVE-2011-3924, CVE-2011-3926, CVE-2011-3927, CVE-2011-3928
Solution: Update to version 16.0.912.77.
Original Advisory:
http://googlechromereleases.blogspot...update_23.html
- http://www.securitytracker.com/id/1026569
Jan 24 2012
Version: prior to 16.0.912.77
"... A remote user can cause arbitrary code to be executed on the target user's system..."
:fear:
Chrome v17.0.963.46 released
FYI...
Chrome v17.0.963.46 released
- https://secunia.com/advisories/47938/
Release Date: 2012-02-09
Criticality level: Highly critical
Impact: Unknown, Security Bypass, Manipulation of data, System access
Where: From remote
CVE Reference(s):
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3953 - 7.5 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3954 - 5.0
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3955 - 7.5 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3956 - 5.0
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3957 - 7.5 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3958 - 6.8
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3959 - 7.5 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3960 - 5.0
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3961 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3962 - 5.0
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3963 - 5.0
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3964 - 5.0
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3965 - 5.0
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3966 - 7.5 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3967 - 5.0
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3968 - 7.5 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3969 - 7.5 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3970 - 5.0
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3971 - 6.8
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3972 - 5.0
Solution: Upgrade to version 17.0.963.46.
Original Advisory:
http://googlechromereleases.blogspot...el-update.html
- http://www.securitytracker.com/id/1026654
Date: Feb 9 2012
CVE Reference: CVE-2011-3953, CVE-2011-3954, CVE-2011-3955, CVE-2011-3956, CVE-2011-3957, CVE-2011-3958, CVE-2011-3959, CVE-2011-3960, CVE-2011-3961, CVE-2011-3962, CVE-2011-3963, CVE-2011-3964, CVE-2011-3965, CVE-2011-3966, CVE-2011-3967, CVE-2011-3968, CVE-2011-3969, CVE-2011-3970, CVE-2011-3971, CVE-2011-3972
Impact: Execution of arbitrary code via network, User access via network
Version(s): prior to 17.0.963.46
Solution: The vendor has issued a fix (17.0.963.46).
The vendor's advisory is available at:
http://googlechromereleases.blogspot...el-update.html
:fear::fear:
Chrome v17.0.963.56 released
FYI...
Chrome v17.0.963.56 released
- https://secunia.com/advisories/48016/
Release Date: 2012-02-16
Criticality level: Highly critical
Impact: Unknown, System access
Where: From remote
CVE Reference(s): CVE-2011-3015, CVE-2011-3016, CVE-2011-3017, CVE-2011-3018, CVE-2011-3019, CVE-2011-3020, CVE-2011-3021, CVE-2011-3022, CVE-2011-3023, CVE-2011-3024, CVE-2011-3025, CVE-2011-3026, CVE-2011-3027
Solution: Update to version 17.0.963.56.
Original Advisory:
http://googlechromereleases.blogspot...le-update.html
February 15, 2012 - "... 17.0.963.56... This release fixes a number of stability and security issues in Chrome, and also includes a new version of Flash..."
:fear:
Chrome v17.0.963.65 released
FYI...
Chrome v17.0.963.65 released
- https://secunia.com/advisories/48265/
Release Date: 2012-03-05
Criticality level: Highly critical
Impact: Unknown, Security Bypass, Cross Site Scripting, System access
Where: From remote
CVE Reference(s): CVE-2011-3031, CVE-2011-3032, CVE-2011-3033, CVE-2011-3034, CVE-2011-3035, CVE-2011-3036, CVE-2011-3037, CVE-2011-3038, CVE-2011-3039, CVE-2011-3040, CVE-2011-3041, CVE-2011-3042, CVE-2011-3043, CVE-2011-3044, CVE-2012-0751, CVE-2012-0752, CVE-2012-0753, CVE-2012-0754, CVE-2012-0755, CVE-2012-0756, CVE-2012-0767
... vulnerabilities have been reported in Google Chrome, where one has an unknown impact and others can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system.
Solution: Update to version 17.0.963.65.
Original Advisory:
http://googlechromereleases.blogspot...le-update.html
March 4, 2012 - "... updated to 17.0.963.65 on Windows, Mac, Linux and Chrome Frame... the release contains an updated version of the Adobe Flash player*..."
___
* http://forums.spybot.info/showthread...517#post422517
Google Patches 14 Chrome Bugs Ahead of Pwn2Own...
- https://threatpost.com/en_us/blogs/g...rewards-030512
March 5, 2012 - "... two days before the annual Pwn2Own contest is set to begin..."
Google offers $1M in Chrome exploit rewards
- http://h-online.com/-1445284
29 Feb 2012
:fear::spider:
Chrome v17.0.963.78 released
FYI...
Chrome v17.0.963.78 released
- https://secunia.com/advisories/48321/
Release Date: 2012-03-09
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference: CVE-2011-3046
... vulnerabilities are reported in versions prior to 17.0.963.78.
Solution: Update to version 17.0.963.78.
Original Advisory:
http://googlechromereleases.blogspot...el-update.html
- http://www.securitytracker.com/id/1026776
Date: Mar 9 2012
CVE Reference: CVE-2011-3046
Impact: Execution of arbitrary code via network, User access via network
___
- http://pwn2own.zerodayinitiative.com/rules.html
March 7-9, 2012... There will be 4 targets this year, the most popular browsers on the market:
Microsoft Internet Explorer, Apple Safari, Google Chrome, Mozilla Firefox
The targets will be running on the latest, fully patched version of either Windows 7 or Lion... the browsers will be eligible for all attacks (and subsequent points) throughout the contest...
:fear:
Chrome v17.0.963.79 released
FYI...
Chrome v17.0.963.79 released
- https://secunia.com/advisories/48375/
Release Date: 2012-03-12
Impact: System access
Where: From remote
CVE Reference: http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3047 - 7.5 (HIGH)
...vulnerabilities are reported in versions prior to 17.0.963.79.
Solution: Update to version 17.0.963.79.
Original Advisory:
http://googlechromereleases.blogspot...update_10.html
:fear: