Get Your Google Chrome 24, Available Now

News Posted: Fri, Jan 11 2013 10:49 AM
Your HotHardware Public Service Announcement (PSA) of the day is that there's a new version of Google's Chrome browser available to download, Chrome 24. The latest build is heavy on security updates and short on feature enhancements, though it does add support for MathML (with a shout-out to WebKit volunteer Dave Barton). Also included is an update to Flash (11.5.31.137) that's baked into the browser, and of course general improvements to speed and stability.

Here's a look at the daunting list of security fixes, several of which were rated "High" and three that were worth $1,000-$4,000 to the person who discovered them:

  • [$1000] [162494] High CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of OUSPG.
  • [$4000] [165622] High CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to Erling A Ellingsen and Subodh Iyengar, both of Facebook.
  • [$1000] [165864] High CVE-2012-5147: Use-after-free in DOM handling. Credit to José A. Vázquez.
  • [167122] Medium CVE-2012-5148: Missing filename sanitization in hyphenation support. Credit to Google Chrome Security Team (Justin Schuh).
  • [166795] High CVE-2012-5149: Integer overflow in audio IPC handling. Credit to Google Chrome Security Team (Chris Evans).
  • [165601] High CVE-2012-5150: Use-after-free when seeking video. Credit to Google Chrome Security Team (Inferno).
  • [165538] High CVE-2012-5151: Integer overflow in PDF JavaScript. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.
  • [165430] Medium CVE-2012-5152: Out-of-bounds read when seeking video. Credit to Google Chrome Security Team (Inferno).
  • [164565] High CVE-2012-5153: Out-of-bounds stack access in v8. Credit to Andreas Rossberg of the Chromium development community.
  • [Windows only] [164490] Low CVE-2012-5154: Integer overflow in shared memory allocation. Credit to Google Chrome Security Team (Chris Evans).
  • [Mac only] [163208] Medium CVE-2012-5155: Missing Mac sandbox for worker processes. Credit to Google Chrome Security Team (Julien Tinnes).
  • [162778] High CVE-2012-5156: Use-after-free in PDF fields. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.
  • [162776] [162156] Medium CVE-2012-5157: Out-of-bounds reads in PDF image handling. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.
  • [162153] High CVE-2013-0828: Bad cast in PDF root handling. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.
  • [162114] High CVE-2013-0829: Corruption of database metadata leading to incorrect file access. Credit to Google Chrome Security Team (Jüri Aedla).
  • [Windows only] [162066] Low CVE-2013-0830: Missing NUL termination in IPC. Credit to Google Chrome Security Team (Justin Schuh).
  • [161836] Low CVE-2013-0831: Possible path traversal from extension process. Credit to Google Chrome Security Team (Tom Sepez).
  • [160380] Medium CVE-2013-0832: Use-after-free with printing. Credit to Google Chrome Security Team (Cris Neckar).
  • [154485] Medium CVE-2013-0833: Out-of-bounds read with printing. Credit to Google Chrome Security Team (Cris Neckar).
  • [154283] Medium CVE-2013-0834: Out-of-bounds read with glyph handling. Credit to Google Chrome Security Team (Cris Neckar).
  • [152921] Low CVE-2013-0835: Browser crash with geolocation. Credit to Arthur Gerkis.
  • [150545] High CVE-2013-0836: Crash in v8 garbage collection. Credit to Google Chrome Security Team (Cris Neckar).
  • [145363] Medium CVE-2013-0837: Crash in extension tab handling. Credit to Tom Nielsen.
  • [Linux only] [143859] Low CVE-2013-0838: Tighten permissions on shared memory segments. Credit to Google Chrome Security Team (Chris Palmer).

One other change Google introduced in Chrome 24 is that Bookmarks are now searched by title when typing into the Omnibox. Matching bookmarks are shown in the autocomplete suggestions pop-down list, with matching done by prefix.

That about wraps it up for what's new. Bear in mind that Chrome follows a rapid-release schedule; therefore, new builds aren't as feature-packed as they once were.

RWilliams replied on Fri, Jan 11 2013 1:53 PM

Updating now. Can't wait to experience all this bug-fixy goodness.

Top 25 Contributor
Posts 3,475
Points 47,060
Joined: Nov 2005
Location: Metropolis
ForumsAdministrator
Moderator

I hope this takes care of my 'Shockwave has crashed' error messages.

 SPAM-posters beware! ®

Paul_Lilly replied on Sat, Jan 12 2013 11:28 AM

Ugh, that's frustrating, isn't it? You're probably rocking two versions of Flash, the one baked into Chrome and the OS version. I disabled Chrome's Flash plugin and have been golden ever since. You can do this by:

1. Type "about:plugins" in the Omnibar (no quotes)

2. Look under the heading for Adobe Flash Player. If you see 2 entries, continue.

3. Disable the one that starts with "C:\Users..." and restart Chrome.

Top 25 Contributor
Posts 3,475
Points 47,060
Joined: Nov 2005
Location: Metropolis
ForumsAdministrator
Moderator

Erg...tonight I got the same error message again: "Shockwave Flash has crashed". I'll try your suggestion and see if it works for me, Paul. Interestingly I never received an e-mail that you had replied to this thread. I wonder if the HH e-mail delivery system is down as I haven't received an e-mail since January 6th!  

 SPAM-posters beware! ®
