Google Chrome updates

Chrome 36.0.1985.125 released

FYI...

Chrome 36.0.1985.125 released
- https://secunia.com/advisories/60077/
Release Date: 2014-07-17
Criticality: Moderately Critical
Where: From remote
Impact: Unknown, Security Bypass
CVE Reference(s): CVE-2014-3160, CVE-2014-3162
... vulnerabilities are reported in versions prior to 36.0.1985.125.
Solution: Upgrade to version 36.0.1985.125.
Original Advisory:
- http://googlechromereleases.blogspot.com/2014/07/stable-channel-update.html
"... This update includes 26 security fixes..."

:fear:
 
Chrome 36.0.1985.143 released

FYI...

Chrome 36.0.1985.143 released
- http://googlechromereleases.blogspot.com/2014/08/stable-channel-update.html
Aug 12, 2014 - "The Stable Channel has been updated to 36.0.1985.143 for Windows, Mac and Linux. This release contains a Flash Player update... This update includes -12- security fixes..."

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3165 - 7.5 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3166 - 5.0
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3167 - 7.5 (HIGH)
___

- http://www.securitytracker.com/id/1030732
CVE Reference: CVE-2014-3165, CVE-2014-3166, CVE-2014-3167
Aug 14 2014
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 36.0.1985.143
Impact: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system...
Solution: The vendor has issued a fix (36.0.1985.143)...

:fear:
 
Last edited:
Chrome 37.0.2062.94 released

FYI...

Chrome 37.0.2062.94 released
- http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html
Aug 26, 2014 - "... promotion of Chrome 37 to the stable channel for Windows, Mac and Linux. Chrome 37.0.2062.94 contains a number of fixes and improvements, including:
- DirectWrite support on Windows for improved font rendering
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance...
This update includes -50- security fixes..."

- https://secunia.com/advisories/60268/
Release Date: 2014-08-27
Criticality: Highly Critical
Where: From remote
Impact: Unknown, Security Bypass, Spoofing, System access...
CVE Reference(s): CVE-2014-3168, CVE-2014-3169, CVE-2014-3170, CVE-2014-3171, CVE-2014-3172,
CVE-2014-3173, CVE-2014-3174, CVE-2014-3175, CVE-2014-3176, CVE-2014-3177 ...
Some vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, and compromise a user's system...
Solution: Upgrade to version 37.0.2062.94...

- http://www.securitytracker.com/id/1030767
CVE Reference: CVE-2014-3168, CVE-2014-3169, CVE-2014-3170, CVE-2014-3171, CVE-2014-3172, CVE-2014-3173, CVE-2014-3174, CVE-2014-3175, CVE-2014-3176, CVE-2014-3177
Aug 28 2014
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 37.0.2062.94 ...
___

- https://www.us-cert.gov/ncas/current-activity/2014/08/27/Google-Releases-Security-Updates-Chrome
Aug 27, 2014 - "...update includes 50 security fixes some of which could allow a remote attacker to obtain unauthorized access or cause a denial of service..."

:fear: :blink:
 
Last edited:
Chrome 37.0.2062.120 released

FYI...

Chrome 37.0.2062.120 released
- http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_9.html
Sep 9, 2014 - "The stable channel has been updated to 37.0.2062.120 for Windows, Mac and Linux. This release contains an update for Adobe Flash as well as a number of other fixes...
This update includes 4 security fixes..."

- https://secunia.com/advisories/60988/
Release Date: 2014-09-09
Criticality: Highly Critical
Where: From remote
Impact: Unknown, Security Bypass, System access
CVE Reference(s): CVE-2014-0547, CVE-2014-0548, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, CVE-2014-0553, CVE-2014-0554, CVE-2014-0555, CVE-2014-0556, CVE-2014-0557, CVE-2014-0559, CVE-2014-3178, CVE-2014-3179
... vulnerabilities are reported in versions prior to 37.0.2062.120.
Solution: Update to version 37.0.2062.120.

:fear:
 
Chrome 37.0.2062.124 released

FYI...

Chrome 37.0.2062.124 released
- http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_24.html
Sep 24, 2014 - "The stable channel has been updated to 37.0.2062.124 for Windows and Mac.
This build contains a security change:
[414124] RSA signature malleability in NSS (CVE-2014-1568)..."

> https://www.us-cert.gov/ncas/curren...k-Security-Services-NSS-Library-Vulnerability
Sep 24, 2014

- http://www.kb.cert.org/vuls/id/772676
24 Sep 2014 - "... This vulnerability may allow an attacker to forge a RSA signature, such as a SSL certificate..."

- http://www.securitytracker.com/id/1030900
CVE Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1568 - 7.5 (HIGH)
Sep 24 2014
Impact: Disclosure of system information, Disclosure of user information, Modification of authentication information, Modification of system information, Modification of user information
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 37.0.2062.124 ...

:fear::fear:
 
Last edited:
Chrome 38.0.2125.101 released

FYI...

Chrome 38.0.2125.101 released
- http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html
Oct 7, 2014 - "... Chrome 38.0.2125.101 contains a number of fixes and improvements... This update includes -159- security fixes, including -113- relatively minor fixes found using MemorySanitizer..."
CVE Reference(s): CVE-2014-3188, CVE-2014-3189, CVE-2014-3190, CVE-2014-3191, CVE-2014-3192, CVE-2014-3193, CVE-2014-3194, CVE-2014-3195, CVE-2014-3196, CVE-2014-3197, CVE-2014-3198, CVE-2014-3199, CVE-2014-3200

- https://www.us-cert.gov/ncas/curren...eleases-Security-Updates-Chrome-and-Chrome-OS
___

- http://www.securitytracker.com/id/1030980
CVE Reference: CVE-2014-3188, CVE-2014-3189, CVE-2014-3190, CVE-2014-3191, CVE-2014-3192, CVE-2014-3193, CVE-2014-3194, CVE-2014-3195, CVE-2014-3196, CVE-2014-3197, CVE-2014-3198, CVE-2014-3199, CVE-2014-3200
Oct 9 2014
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 38.0.2125.101 ...

:fear::fear:
 
Last edited:
Chrome 38.0.2125.104 released

FYI...

Chrome 38.0.2125.104 released
- http://googlechromereleases.blogspot.com/2014/10/stable-channel-update_14.html
Oct 14, 2014 - "The stable channel has been updated to 38.0.2125.104 for Windows, Mac and Linux. This release contains an update for Adobe Flash as well as a number of other fixes. A full list of changes is available in the log*..."
* https://chromium.googlesource.com/c...2125.101..38.0.2125.104?pretty=fuller&n=10000

CVE Reference(s): CVE-2014-0558, CVE-2014-0564, CVE-2014-0569
___

- https://www.us-cert.gov/ncas/curren...eleases-Security-Updates-Chrome-and-Chrome-OS
Oct 16, 2014

:fear:
 
Last edited:
Chrome 39.0.2171.65 released

FYI...

Chrome 39.0.2171.65 released
- http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html
Nov 18, 2014 - "... Chrome 39.0.2171.65 contains a number of fixes and improvements, including:
64-bit support for Mac
A number of new apps/extension APIs
Lots of under the hood changes for stability and performance ...
This update includes -42- security fixes..."
___

- http://www.securitytracker.com/id/1031241
CVE Reference: CVE-2014-7899, CVE-2014-7900, CVE-2014-7901, CVE-2014-7902, CVE-2014-7903, CVE-2014-7904, CVE-2014-7905, CVE-2014-7906, CVE-2014-7907, CVE-2014-7908, CVE-2014-7909, CVE-2014-7910
Nov 20 2014
Impact: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain potentially sensitive information.
Solution: The vendor has issued a fix (39.0.2171.65)...

:fear::fear:
 
Last edited:
Chrome 40.0.2214.91 released ...

FYI...

Chrome 40.0.2214.91 released
- http://googlechromereleases.blogspot.com/2015/01/stable-update.html
Jan 21 2015 - "... promotion of Chrome 40 to the stable channel for Windows, Mac and Linux. Chrome 40.0.2214.91 contains a number of fixes and improvements, including:
Updated info dialog for Chrome app on Windows and Linux.
A new clock behind/ahead error message.
A partial list of changes is available in the log*... This update includes -62- security fixes..."
* https://chromium.googlesource.com/chromium/src/+log/39.0.2171.0..40.0.2214.0?pretty=fuller&n=10000

["Comments" read: "... flash player version now 16.287"
___

- http://www.securitytracker.com/id/1031623
CVE Reference: CVE-2014-7923, CVE-2014-7924, CVE-2014-7925, CVE-2014-7926, CVE-2014-7927, CVE-2014-7928, CVE-2014-7929, CVE-2014-7930, CVE-2014-7931, CVE-2014-7932, CVE-2014-7933, CVE-2014-7934, CVE-2014-7935, CVE-2014-7936, CVE-2014-7937, CVE-2014-7938, CVE-2014-7939, CVE-2014-7940, CVE-2014-7941, CVE-2014-7942, CVE-2014-7943, CVE-2014-7944, CVE-2014-7945, CVE-2014-7946, CVE-2014-7947, CVE-2014-7948, CVE-2015-1205, CVE-2015-1346
Jan 23 2015
Impact: Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 40.0.2214.91 ...
Solution: The vendor has issued a fix (40.0.2214.91)...

:fear::fear:
 
Last edited:
Chrome 40.0.2214.111 released

FYI...

Chrome 40.0.2214.111 released
- http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html
Feb 5, 2015 - "The stable channel has been updated to 40.0.2214.111 for Windows, Mac and Linux...
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.
This update includes 11 security fixes..."
___

- http://www.securitytracker.com/id/1031709
CVE Reference: CVE-2015-1209, CVE-2015-1210, CVE-2015-1211, CVE-2015-1212
Feb 6 2015
Impact: Disclosure of system information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 40.0.2214.111 ...
Solution: The vendor has issued a fix (40.0.2214.111).
The vendor's advisory is available at:
- http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html

:fear::fear:
 
Last edited:
Chrome 41.0.2272.76 released

FYI...

Chrome 41.0.2272.76 released
- http://googlechromereleases.blogspot.dk/2015/03/stable-channel-update.html
Mar 3, 2015 - "The Chrome team is delighted to announce the promotion of Chrome 41 to the stable channel for Windows, Mac and Linux. Chrome 41.0.2272.76 contains a number of fixes and improvements, including:
A number of new apps/extension APIs
Lots of under the hood changes for stability and performance
This update includes -51- security fixes..."
___

CVE Reference(s): CVE-2015-1212, CVE-2015-1213, CVE-2015-1214, CVE-2015-1215, CVE-2015-1216, CVE-2015-1217, CVE-2015-1218, CVE-2015-1219, CVE-2015-1220, CVE-2015-1221, CVE-2015-1222, CVE-2015-1223, CVE-2015-1224, CVE-2015-1225, CVE-2015-1226, CVE-2015-1227, CVE-2015-1228, CVE-2015-1229, CVE-2015-1230, CVE-2015-1231

:fear::fear:
 
Chrome 41.0.2272.101 released

FYI...

Chrome 41.0.2272.101 released
- http://googlechromereleases.blogspot.dk/2015/03/stable-channel-update_19.html
March 19, 2015 - "The stable channel has been updated to 41.0.2272.101 for Windows, Mac and Linux. A partial list of changes is available in the log..."
___

All four major browsers take a stomping at Pwn2Own...
- http://arstechnica.com/security/201...ke-a-stomping-at-pwn2own-hacking-competition/
Mar 20, 2015 - "The annual Pwn2Own hacking competition wrapped up its 2015 event in Vancouver with another banner year, paying $442,000 for 21 critical bugs in all four major browsers, as well as Windows, Adobe Flash, and Adobe Reader..."

:fear::fear:
 
Chrome 41.0.2272.118 released

FYI...

Chrome 41.0.2272.118 released
- http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html
Apr 1, 2015 - "The stable channel has been updated to 41.0.2272.118 for Windows, Mac and Linux. A partial list of changes is available in the log... This update includes 4 security fixes..."
___

- http://www.securitytracker.com/id/1032012
CVE Reference:
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1233 - 7.5 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1234 - 6.8
Apr 2 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes ...
Solution: The vendor has issued a fix (41.0.2272.118).

:fear:
 
Last edited:
Back
Top