Chrome 25 Fixes Vulnerabilities

Friday, February 22, 2013 @ 02:02 PM gHale


Google fixed nine high-severity vulnerabilities in its Chrome browser, as well as a dozen other flaws with the release of Chrome 25.

In Chrome 25 Google also disabled the MathML implementation in the browser, fixing what it said is a serious security problem.

RELATED STORIES
Security Fixes; PDF Viewer in Firefox 19
Firefox: Silent Add-ons Possible
New Opera Release Fixes Holes
Chrome Updated, Fixes Security Holes

“We’ve also resolved a high severity security issue by disabling MathML in this release. The WebKit MathML implementation isn’t quite ready for prime time yet but we are excited to enable it again in a future release once the security issues have been addressed,” said Jason Kersey of Google.

In addition to that fix and the patches for nine high-risk security bugs, Google also repaired 12 other vulnerabilities. The full list of vulnerabilities fixed in Chrome 25:
• High CVE-2013-0879: Memory corruption with web audio node.
• High CVE-2013-0880: Use-after-free in database handling.
• Medium CVE-2013-0881: Bad read in Matroska handling.
• High CVE-2013-0882: Bad memory access with excessive SVG parameters.
• Medium CVE-2013-0883: Bad read in Skia.
• Low CVE-2013-0884: Inappropriate load of NaCl.
• Medium CVE-2013-0885: Too many API permissions granted to web store.
• Medium CVE-2013-0886: Incorrect NaCl signal handling. (Mac only).
• Low CVE-2013-0887: Developer tools process has too many permissions and places too much trust in the connected server.
• Medium CVE-2013-0888: Out-of-bounds read in Skia.
• Low CVE-2013-0889: Tighten user gesture check for dangerous file downloads.
• High CVE-2013-0890: Memory safety issues across the IPC layer
• High CVE-2013-0891: Integer overflow in blob handling.
• Medium CVE-2013-0892: Lower severity issues across the IPC layer.
• Medium CVE-2013-0893: Race condition in media handling.
• High CVE-2013-0894: Buffer overflow in vorbis decoding.
• High CVE-2013-0895: Incorrect path handling in file copying (Linux/Mac).
• High CVE-2013-0896: Memory management issues in plug-in message handling.
• Low CVE-2013-0897: Off-by-one read in PDF..
• High CVE-2013-0898: Use-after-free in URL handling.
• Low CVE-2013-0899: Integer overflow in Opus handling.
• Medium CVE-2013-0900: Race condition in ICU.



Leave a Reply

You must be logged in to post a comment.