Posted by: Chris Barylick
Date: Wednesday, November 7th, 2012, 08:53
Category: News, security, Software
It’s the bug fixes that make a difference.
Late Tuesday, Google released a beta of version 23.0.1271.64 of its Chrome web browser. The update, a 56.5 megabyte download, adds the following fixes and changes:
- Medium CVE-2012-5127: Integer overflow leading to out-of-bounds read in WebP handling. Credit to Phil Turnbull.
- High CVE-2012-5116: Use-after-free in SVG filter handling. Credit to miaubiz.
- [Mac OS only]  High CVE-2012-5118: Integer bounds check issue in GPU command buffers. Credit to miaubiz.
- High CVE-2012-5121: Use-after-free in video layout. Credit to Atte Kettunen of OUSPG.
- Low CVE-2012-5117: Inappropriate load of SVG subresource in img context. Credit to Felix Groebert of the Google Security Team.
- Medium CVE-2012-5119: Race condition in Pepper buffer handling. Credit to Fermin Serna of the Google Security Team.
- Medium CVE-2012-5122: Bad cast in input handling. Credit to Google Chrome Security Team (Inferno).
- Medium CVE-2012-5123: Out-of-bounds reads in Skia. Credit to Google Chrome Security Team (Inferno).
- High CVE-2012-5124: Memory corruption in texture handling. Credit to Al Patrick of the Chromium development community.
- Medium CVE-2012-5125: Use-after-free in extension tab handling. Credit to Alexander Potapenko of the Chromium development community.
- Medium CVE-2012-5126: Use-after-free in plug-in placeholder handling. Credit to Google Chrome Security Team (Inferno).
- High CVE-2012-5128: Bad write in v8. Credit to Google Chrome Security Team (Cris Neckar).
Google Chrome 23.0.1271.64 requires an Intel-based Mac with Mac OS X 10.5 or later to install and run. If you’ve tried the new version and have any feedback to offer, please let us know in the comments.