Stable Channel Update
Monday, October 8, 2012
The Stable channel has been updated to 22.0.1229.92 for Windows, Mac, and Linux. This update contains a number of stability fixes, including an issue with multiple profiles on Mac OS X 10.8.2. It also contains a fix for text display on the Mac, as well as the security updates listed below.
Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
[$1000] [138208] High CVE-2012-2900: Crash in Skia text rendering. Credit to Atte Kettunen of OUSPG.
[$3133.7] [147499] Critical CVE-2012-5108: Race condition in audio device handling. Credit to Atte Kettunen of OUSPG.
[$500] [148692] Medium CVE-2012-5109: OOB read in ICU regex. Credit to Arthur Gerkis.
[151449] Medium CVE-2012-5110: Out-of-bounds read in compositor. Credit to Google Chrome Security Team (Inferno).
[151895] Low CVE-2012-5111: Plug-in crash monitoring was missing for Pepper plug-ins. Credit to Google Chrome Security Team (Chris Evans).
Many of the above bugs were detected using AddressSanitizer.
These builds also have a new version of Flash with security and other fixes. More information can be found here.
Full details about what's in this release are available in the SVN revision log. Found a bug? Report it! On a different channel, but want to join us on the Beta train? The Chromium wiki has you covered.
Jason Kersey
Google Chrome
Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
[$1000] [138208] High CVE-2012-2900: Crash in Skia text rendering. Credit to Atte Kettunen of OUSPG.
[$3133.7] [147499] Critical CVE-2012-5108: Race condition in audio device handling. Credit to Atte Kettunen of OUSPG.
[$500] [148692] Medium CVE-2012-5109: OOB read in ICU regex. Credit to Arthur Gerkis.
[151449] Medium CVE-2012-5110: Out-of-bounds read in compositor. Credit to Google Chrome Security Team (Inferno).
[151895] Low CVE-2012-5111: Plug-in crash monitoring was missing for Pepper plug-ins. Credit to Google Chrome Security Team (Chris Evans).
Many of the above bugs were detected using AddressSanitizer.
These builds also have a new version of Flash with security and other fixes. More information can be found here.
Full details about what's in this release are available in the SVN revision log. Found a bug? Report it! On a different channel, but want to join us on the Beta train? The Chromium wiki has you covered.
Jason Kersey
Google Chrome