Tech Talk

[Chrome v14.0.835.163 released]

FYI...

Chrome v14.0.835.163 released
- http://googlechromereleases.blogspot.com/search/label/Stable%20updates
September 16, 2011 - "The Chrome Stable channel has been updated to 14.0.835.163 for all platforms. This release contains... security fixes...
CVE-2011-2834, CVE-2011-2835, CVE-2011-2836, CVE-2011-2837, CVE-2011-2838, CVE-2011-2839, CVE-2011-2840, CVE-2011-2841, CVE-2011-2842, CVE-2011-2843, CVE-2011-2844, CVE-2011-2846, CVE-2011-2847, CVE-2011-2848, CVE-2011-2849, CVE-2011-2850, CVE-2011-2851, CVE-2011-2852, CVE-2011-2853, CVE-2011-2854, CVE-2011-2855, CVE-2011-2856, CVE-2011-2857, CVE-2011-2859, CVE-2011-2860, CVE-2011-2861, CVE-2011-2862, CVE-2011-2864, CVE-2011-2874, CVE-2011-2875, CVE-2011-3234..."
"... before 14.0.835.163..."

- https://secunia.com/advisories/46049/
Release Date: 2011-09-19
Criticality level: Highly critical
Impact: Unknown, Security Bypass, Spoofing, Exposure of sensitive information, System access
Where: From remote...
Solution: Upgrade to version 14.0.835.163.

- https://www.us-cert.gov/current/#google_releases_chrome_14_0
September 19, 2011

 

[Chrome v14.0.835.186 released]

FYI...

Chrome v14.0.835.186 released
- https://secunia.com/advisories/46102/
Release Date: 2011-09-21
Criticality level: Highly critical
Impact: Cross Site Scripting, System access
Where: From remote
... vulnerabilities are caused due to a bundled vulnerable version of Adobe Flash Player...
Solution: Update to version 14.0.835.186.
Original Advisory:
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_20.html
... includes an update to Flash Player that addresses a zero-day vulnerability...
... Release highlights:
Pepper flash: update to 10.3.200.107
Crash fixes...

 

[Chrome v14.0.835.187 released]

FYI...

Chrome v14.0.835.187 released
- http://googlechromereleases.blogspot.com/search/label/Stable%20updates
October 1, 2011 - "The Chrome Stable channel has been updated to 14.0.835.187, and the Beta channel has been updated to 15.0.874.58. These updates should help repair Chrome installs that were broken due to the issue with Microsoft Security Essentials, discussed on the Chrome Blog*..."
* http://chrome.blogspot.com/2011/09/problems-with-microsoft-security.html

 

[Chrome v14.0.835.202 released]

FYI...

Chrome v14.0.835.202 released
- https://secunia.com/advisories/46308/
Release Date: 2011-10-05
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote ...
Solution: Update to 14.0.835.202.

- http://googlechromereleases.blogspot.com/search/label/Stable%20updates
October 4, 2011 - "The Stable channel has been updated to 14.0.835.202 for Windows, Mac, Linux, and Chrome Frame. This release contains Adobe Flash Player 11, along with the stability and security fixes..."

- http://www.securitytracker.com/id/1026137
CVE Reference: CVE-2011-2876, CVE-2011-2877, CVE-2011-2878, CVE-2011-2879, CVE-2011-2880, CVE-2011-2881, CVE-2011-3873
Oct 4 2011
Impact: Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Version(s): prior to 14.0.835.202

 

[Google Chrome v15.0.874.102 released]

FYI...

Google Chrome v15.0.874.102 released
- https://secunia.com/advisories/46594/
Release Date: 2011-10-26
Criticality level: Highly critical
Impact: Unknown, Security Bypass, Cross Site Scripting, Spoofing, System access
Where: From remote ...
Solution: Upgrade to version 15.0.874.102...
Original Advisory: Google:
http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html

- http://www.securitytracker.com/id/1026242
CVE Reference: CVE-2011-2845, CVE-2011-3875, CVE-2011-3876, CVE-2011-3877, CVE-2011-3878, CVE-2011-3879, CVE-2011-3880, CVE-2011-3881, CVE-2011-3882, CVE-2011-3883, CVE-2011-3884, CVE-2011-3885, CVE-2011-3886, CVE-2011-3887, CVE-2011-3888, CVE-2011-3889, CVE-2011-3890, CVE-2011-3891
Date: Oct 26 2011
Version(s): prior to 15.0.874.102 ...

- https://www.us-cert.gov/current/#google_releases_chrome_15_0
October 25, 2011 - "... vulnerabilities may allow an attacker to execute arbitrary code... update to Chrome 15.0.874.102..."

 

[Chrome v15.0.874.120 released]

FYI...

Chrome v15.0.874.120 released
- http://googlechromereleases.blogspot.com/search/label/Stable%20updates
November 10, 2011 - "The Stable channel has been updated to 15.0.874.120 for Windows, Mac, Linux and Chrome Frame platforms... This new build also contains a new version of Flash* which contains security fixes..."
* http://boards.cexx.org/index.php?topic=17585.msg82873#msg82873
___

- https://secunia.com/advisories/46815/
Release Date: 2011-11-11
Criticality level: Highly critical
Impact: System access
Where: From remote...
Solution: Update to version 15.0.874.120.

- http://www.securitytracker.com/id/1026313
CVE Reference: CVE-2011-3892, CVE-2011-3893, CVE-2011-3894, CVE-2011-3895, CVE-2011-3896, CVE-2011-3897, CVE-2011-3898
Date: Nov 11 2011
Impact: Execution of arbitrary code via network, User access via network
Version(s): prior to 15.0.874.120 ...
Solution: The vendor has issued a fix (15.0.874.120)...
___

- http://h-online.com/-1377300
11 November 2011

 

[Chrome v15.0.874.121 released]

FYI...

Chrome v15.0.874.121 released
- https://secunia.com/advisories/46889/
Release Date: 2011-11-17
Criticality level: Highly critical
Impact: System access
Where: From remote ...
CVE Reference: CVE-2011-3900
... exploitation may allow execution of arbitrary code.
Solution: Update to version 15.0.874.121...

- http://googlechromereleases.blogspot.com/search/label/Stable%20updates
November 16, 2011 - "... contains the fix to a regression..."

 

[Chromebooks v16.0.912.44 - Beta Channel Update]

FYI...

... Stable Channel Update for Chromebooks
- http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Chromebooks v16.0.912.44 - Beta Channel Update
- http://googlechromereleases.blogspot.com/search/label/Chrome%20OS
November 22, 2011 - "... Chrome 16 on the Beta Channel for Chromebooks (Acer AC700, Samsung Series 5, and Cr-48).
Chrome version 16.0.912.44 (Platform version: 1193.65.0) ...
Numerous stability & security fixes..."

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4548
Last revised: 11/24/2011
Overview: Multiple unspecified vulnerabilities in Google Chrome before  16.0.912.44 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
CVSS v2 Base Score: 10.0 (HIGH) ...

 

[Chrome v16.0.912.63 released]

FYI...

Chrome v16.0.912.63 released
- https://secunia.com/advisories/47231/
Release Date: 2011-12-14
Criticality level: Highly critical
Impact: Spoofing, Exposure of sensitive information, System access
Where: From remote
Solution: Upgrade to version 16.0.912.63.
Original Advisory: Google:
http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html
December 13, 2011

- http://h-online.com/-1394757
14 December 2011 - "... The update also closes a total of 15 security holes, six of which are rated as "high severity" by Google..."

- http://chrome.blogspot.com/2011/11/take-your-chrome-stuff-with-you-in-new.html
"... we’ve added a new feature that lets people who use a shared computer each have their own personalized Chrome, and lets them each sign in to Chrome to sync their stuff... To try it out, go to Options (Preferences on Mac), click Personal Stuff, and click "Add new user." A fresh instance of Chrome will open, ready to be customized with its own set of apps, bookmarks, extensions, and other settings. A badge in the upper corner lets you know at a glance that this new Chrome browser belongs to you, and you can customize the name and badge as you like. Clicking this badge drops down a menu of all the users on that computer, so you can easily switch between them. In addition, each user can sign in to Chrome to access their own personalized Chrome across all their computers. One thing to keep in mind is that this feature isn’t intended to secure your data against other people using your computer, since all it takes is a couple of clicks to switch between users. We want to provide this functionality as a quick and simple user interface convenience for people who are already sharing Chrome on the same computer..."

 

[Google Chrome v16.0.912.75 released]

FYI...

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0695
Last revised: 01/13/2012
CVSS v2 Base Score: 10.0 (HIGH)
"... Google Chrome -before- 17.0.963.27 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors..."
- http://googlechromereleases.blogspot.com/2012/01/beta-channel-update-for-chromebooks.html
___

Google Chrome v16.0.912.75 released
- https://secunia.com/advisories/47449/
Release Date: 2012-01-06
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference(s):
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3919
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3921
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3922
Solution: Update to version 16.0.912.75.
Original Advisory:
http://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html

- http://www.securitytracker.com/id/1026487
Date: Jan 6 2012
Impact: Execution of arbitrary code via network, User access via network
Version(s): prior to 16.0.912.75

 

[Chrome v16.0.912.77 released]

FYI...

Chrome v16.0.912.77 released
- https://secunia.com/advisories/47694/
Release Date: 2012-01-24
Criticality level: Highly critical
Impact:   System access
Where: From remote
CVE Reference(s): CVE-2011-3924, CVE-2011-3926, CVE-2011-3927, CVE-2011-3928
Solution: Update to version 16.0.912.77.
Original Advisory:
http://googlechromereleases.blogspot.com/2012/01/stable-channel-update_23.html

- http://www.securitytracker.com/id/1026569
Jan 24 2012
Version: prior to 16.0.912.77
"... A remote user can cause arbitrary code to be executed on the target user's system..."

 

[Chrome v17.0.963.46 released]

FYI...

Chrome v17.0.963.46 released
- https://secunia.com/advisories/47938/
Release Date: 2012-02-09
Criticality level: Highly critical
Impact: Unknown, Security Bypass, Manipulation of data, System access
Where: From remote
CVE Reference(s):
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3953 - 7.5 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3954 - 5.0
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3955 - 7.5 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3956 - 5.0
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3957 - 7.5 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3958 - 6.8
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3959 - 7.5 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3960 - 5.0
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3961 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3962 - 5.0
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3963 - 5.0
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3964 - 5.0
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3965 - 5.0
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3966 - 7.5 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3967 - 5.0
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3968 - 7.5 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3969 - 7.5 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3970 - 5.0
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3971 - 6.8
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3972 - 5.0
Solution: Upgrade to version 17.0.963.46.
Original Advisory:
http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html

- http://www.securitytracker.com/id/1026654
Date: Feb 9 2012
CVE Reference: CVE-2011-3953, CVE-2011-3954, CVE-2011-3955, CVE-2011-3956, CVE-2011-3957, CVE-2011-3958, CVE-2011-3959, CVE-2011-3960, CVE-2011-3961, CVE-2011-3962, CVE-2011-3963, CVE-2011-3964, CVE-2011-3965, CVE-2011-3966, CVE-2011-3967, CVE-2011-3968, CVE-2011-3969, CVE-2011-3970, CVE-2011-3971, CVE-2011-3972
Impact: Execution of arbitrary code via network, User access via network
Version(s): prior to 17.0.963.46
Solution: The vendor has issued a fix (17.0.963.46).
The vendor's advisory is available at:
http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html

 

[Chrome v17.0.963.56 released]

FYI...

Chrome v17.0.963.56 released
- https://secunia.com/advisories/48016/
Release Date: 2012-02-16
Criticality level: Highly critical
Impact: Unknown, System access
Where: From remote
CVE Reference(s): CVE-2011-3015, CVE-2011-3016, CVE-2011-3017, CVE-2011-3018,  CVE-2011-3019, CVE-2011-3020, CVE-2011-3021, CVE-2011-3022, CVE-2011-3023, CVE-2011-3024, CVE-2011-3025, CVE-2011-3026, CVE-2011-3027
Solution: Update to version 17.0.963.56.
Original Advisory:
http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html
February 15, 2012 - "... 17.0.963.56... This release fixes a number of stability and security issues in Chrome, and also includes a new version of Flash..."

 

[Chrome v17.0.963.65 released]

FYI...

Chrome v17.0.963.65 released
- https://secunia.com/advisories/48265/
Release Date: 2012-03-05
Criticality level: Highly critical
Impact: Unknown, Security Bypass, Cross Site Scripting, System access
Where: From remote
CVE Reference(s): CVE-2011-3031, CVE-2011-3032, CVE-2011-3033, CVE-2011-3034, CVE-2011-3035, CVE-2011-3036, CVE-2011-3037, CVE-2011-3038, CVE-2011-3039, CVE-2011-3040, CVE-2011-3041, CVE-2011-3042, CVE-2011-3043, CVE-2011-3044, CVE-2012-0751, CVE-2012-0752, CVE-2012-0753, CVE-2012-0754, CVE-2012-0755, CVE-2012-0756, CVE-2012-0767
... vulnerabilities have been reported in Google Chrome, where one has an unknown impact and others can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system.
Solution: Update to version 17.0.963.65.
Original Advisory:
http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html
March 4, 2012 - "... updated to 17.0.963.65 on Windows, Mac, Linux and Chrome Frame... the release contains an updated version of the Adobe Flash player*..."
___

* http://boards.cexx.org/index.php?topic=17585.msg83268#msg83268

Google Patches 14 Chrome Bugs Ahead of Pwn2Own...
- https://threatpost.com/en_us/blogs/google-patches-14-chrome-bugs-ahead-pwn2own-pays-30k-special-rewards-030512
March 5, 2012 - "... two days before the annual Pwn2Own contest is set to begin..."
Google offers $1M in Chrome exploit rewards
- http://h-online.com/-1445284
29 Feb 2012

 

[Chrome v17.0.963.78 released]

FYI...

Chrome v17.0.963.78 released
- https://secunia.com/advisories/48321/
Release Date: 2012-03-09
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference: CVE-2011-3046
... vulnerabilities are reported in versions prior to 17.0.963.78.
Solution: Update to version 17.0.963.78.
Original Advisory:
http://googlechromereleases.blogspot.com/2012/03/chrome-stable-channel-update.html

- http://www.securitytracker.com/id/1026776
Date: Mar 9 2012
CVE Reference: CVE-2011-3046
Impact: Execution of arbitrary code via network, User access via network
___

- http://pwn2own.zerodayinitiative.com/rules.html
March 7-9, 2012... There will be 4 targets this year, the most popular browsers on the market:
Microsoft Internet Explorer, Apple Safari, Google Chrome, Mozilla Firefox
The targets will be running on the latest, fully patched version of either Windows 7 or Lion... the browsers will be eligible for all attacks (and subsequent points) throughout the contest...