Google Updates Chrome Browser with 25 Bug Fixes
Yesterday, Google’s Chrome team updated its web browser to Chrome version 29. The new Chrome 29.0.1547.57 for Mac (and other operating systems) includes bug fixes for 25 security issues. Google provided $6,174 in rewards to the external researchers who offered information about the bugs fixed in this software update.
The Chrome team highlighted the fixes that were either contributed by external researchers or “particularly interesting,” most of which are rated high severity. Details of these issues are as follows:
- CVE-2013-2900: The FilePath::ReferencesParent function in files/file_path.cc in Google Chrome before 29.0.1547.57 on Windows does not properly handle pathname components composed entirely of . (dot) and whitespace characters, which allows remote attackers to conduct directory traversal attacks via a crafted directory name.
- CVE-2013-2905: The SharedMemory::Create function in memory/shared_memory_posix.cc in Google Chrome before 29.0.1547.57 uses weak permissions under /dev/shm/, which allows attackers to obtain sensitive information via direct access to a POSIX shared-memory file.
- CVE-2013-2901: Multiple integer overflows in (1) libGLESv2/renderer/Renderer9.cpp and (2) libGLESv2/renderer/Renderer11.cpp in Almost Native Graphics Layer Engine (ANGLE), as used in Google Chrome before 29.0.1547.57, allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
- CVE-2013-2902: Use-after-free vulnerability in the XSLT ProcessingInstruction implementation in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an applyXSLTransform call involving (1) an HTML document or (2) an xsl:processing-instruction element that is still in the process of loading.
- CVE-2013-2903: Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument function in core/html/HTMLMediaElement.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving moving a (1) AUDIO or (2) VIDEO element between documents.
- CVE-2013-2904: Use-after-free vulnerability in the Document::finishedParsing function in core/dom/Document.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via an onload event that changes an IFRAME element so that its src attribute is no longer an XML document, leading to unintended garbage collection of this document.
- CVE-2013-2887: Multiple unspecified vulnerabilities in Google Chrome before 29.0.1547.57 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
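The first entry above concerns a parent-directory check that only caught a component equal to `..`, missing names that Windows itself collapses to `..` because it drops trailing dots and whitespace. The Python below is an added example, not Chromium's code: it contrasts that naive check with one hardened along the lines the fix describes (treating any component made only of dots and whitespace that contains `..` as a parent reference). The function names and sample directory names are constructed for illustration.

```python
# Added example, not Chromium's FilePath::ReferencesParent. Models the check on
# candidate path components such as a download directory name.
WINDOWS_DOT_SPACE = set(". \t\n\r")  # characters Windows trims from a name's end


def split_components(path):
    """Split on both separators Windows accepts and drop empty pieces."""
    return [c for c in path.replace("\\", "/").split("/") if c]


def references_parent_naive(path):
    """Pre-fix behaviour: only a component that is exactly '..' counts."""
    return any(c == ".." for c in split_components(path))


def references_parent_hardened(path):
    """Hardened check (assumption: modelled on the described fix).

    A component consisting solely of dots and whitespace is normalised by
    Windows, so '.. ' or ' ..' reaches the filesystem as '..'. Treat any such
    component containing '..' as a parent reference; this is deliberately
    conservative and also rejects '...'.
    """
    for c in split_components(path):
        if c == "..":
            return True
        if set(c) <= WINDOWS_DOT_SPACE and ".." in c:
            return True
    return False


def compare_checks(path):
    """Return (naive, hardened) verdicts so the gap between them is visible."""
    return references_parent_naive(path), references_parent_hardened(path)


# Constructed sample names; the middle three slip past the naive check.
SAMPLES = [
    "docs/report.txt",   # ordinary name
    "../secret.txt",     # plain traversal, both checks reject
    ".. /secret.txt",    # trailing space, Windows reads '..'
    " ../secret.txt",    # leading space, still only dots and whitespace
    ".../secret.txt",    # dots only, rejected conservatively
    "a..b/c.txt",        # '..' inside a real name is not a parent reference
]

if __name__ == "__main__":
    for name in SAMPLES:
        naive, hardened = compare_checks(name)
        print(f"{name!r:22} naive={naive!s:5} hardened={hardened}")
```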
Google’s Chrome browser updates automatically, so current users will get these security fixes and more upon launching the software. If you don’t use Google Chrome, you can try it out by installing the newest version (for Mac OS X 10.6 or later).