728x90
Google에서 제공하는 웹 브라우저인 Chrome이 업데이트되었습니다.
--
The Chrome Team is excited to announce the promotion of Chrome 34 to the Stable channel for Windows, Mac, and Linux. Chrome 34.0.1847.116 contains a number of fixes and improvements, including:
Responsive Images and Unprefixed Web Audio
Import supervised users onto new computers
A number of new apps/extension APIs
A different look for Win8 Metro mode
Lots of under the hood changes for stability and performance
You can read more about these changes at the Chrome blog.
Flash Player has been updated to 13.0.0.182, which is included w/ this release.
Security Fixes and Rewards
This update includes 31 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.
[$5000][354123] High CVE-2014-1716: UXSS in V8. Credit to Anonymous.
[$5000][353004] High CVE-2014-1717: OOB access in V8. Credit to Anonymous.
[$3000][348332] High CVE-2014-1718: Integer overflow in compositor. Credit to Aaron Staple.
[$3000][343661] High CVE-2014-1719: Use-after-free in web workers. Credit to Collin Payne.
[$2000][356095] High CVE-2014-1720: Use-after-free in DOM. Credit to cloudfuzzer.
[$2000][350434] High CVE-2014-1721: Memory corruption in V8. Credit to Christian Holler.
[$2000][330626] High CVE-2014-1722: Use-after-free in rendering. Credit to miaubiz.
[$1500][337746] High CVE-2014-1723: Url confusion with RTL characters. Credit to George McBay.
[$1000][327295] High CVE-2014-1724: Use-after-free in speech. Credit to Atte Kettunen of OUSPG.
[$3000][357332] Medium CVE-2014-1725: OOB read with window property. Credit to Anonymous
[$1000][346135] Medium CVE-2014-1726: Local cross-origin bypass. Credit to Jann Horn.
[$1000][342735] Medium CVE-2014-1727: Use-after-free in forms. Credit to Khalil Zhani.
As usual, our ongoing internal security work responsible for a wide range of fixes:
[360298] CVE-2014-1728: Various fixes from internal audits, fuzzing and other initiatives.
[345820, 347262, 348319, 350863, 352982, 355586, 358059] CVE-2014-1729: Multiple vulnerabilities in V8 fixed in version 3.24.35.22.
Many of the above bugs were detected using AddressSanitizer.
As we’ve previously discussed, Chrome will now offer to remember and fill password fields in the presence of autocomplete=off. This gives more power to users in spirit of the priority of constituencies, and it encourages the use of the Chrome password manager so users can have more complex passwords. This change does not affect non-password fields.
A partial list of changes is available in the SVN log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.
Daniel Xie
Google Chrome
--
출처 - http://googlechromereleases.blogspot.kr/2014/03/stable-channel-update_14.html
설치 파일 내려받기 - http://www.google.com/intl/ko/chrome/browser/
--
The Chrome Team is excited to announce the promotion of Chrome 34 to the Stable channel for Windows, Mac, and Linux. Chrome 34.0.1847.116 contains a number of fixes and improvements, including:
Responsive Images and Unprefixed Web Audio
Import supervised users onto new computers
A number of new apps/extension APIs
A different look for Win8 Metro mode
Lots of under the hood changes for stability and performance
You can read more about these changes at the Chrome blog.
Flash Player has been updated to 13.0.0.182, which is included w/ this release.
Security Fixes and Rewards
This update includes 31 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.
[$5000][354123] High CVE-2014-1716: UXSS in V8. Credit to Anonymous.
[$5000][353004] High CVE-2014-1717: OOB access in V8. Credit to Anonymous.
[$3000][348332] High CVE-2014-1718: Integer overflow in compositor. Credit to Aaron Staple.
[$3000][343661] High CVE-2014-1719: Use-after-free in web workers. Credit to Collin Payne.
[$2000][356095] High CVE-2014-1720: Use-after-free in DOM. Credit to cloudfuzzer.
[$2000][350434] High CVE-2014-1721: Memory corruption in V8. Credit to Christian Holler.
[$2000][330626] High CVE-2014-1722: Use-after-free in rendering. Credit to miaubiz.
[$1500][337746] High CVE-2014-1723: Url confusion with RTL characters. Credit to George McBay.
[$1000][327295] High CVE-2014-1724: Use-after-free in speech. Credit to Atte Kettunen of OUSPG.
[$3000][357332] Medium CVE-2014-1725: OOB read with window property. Credit to Anonymous
[$1000][346135] Medium CVE-2014-1726: Local cross-origin bypass. Credit to Jann Horn.
[$1000][342735] Medium CVE-2014-1727: Use-after-free in forms. Credit to Khalil Zhani.
As usual, our ongoing internal security work responsible for a wide range of fixes:
[360298] CVE-2014-1728: Various fixes from internal audits, fuzzing and other initiatives.
[345820, 347262, 348319, 350863, 352982, 355586, 358059] CVE-2014-1729: Multiple vulnerabilities in V8 fixed in version 3.24.35.22.
Many of the above bugs were detected using AddressSanitizer.
As we’ve previously discussed, Chrome will now offer to remember and fill password fields in the presence of autocomplete=off. This gives more power to users in spirit of the priority of constituencies, and it encourages the use of the Chrome password manager so users can have more complex passwords. This change does not affect non-password fields.
A partial list of changes is available in the SVN log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.
Daniel Xie
Google Chrome
--
출처 - http://googlechromereleases.blogspot.kr/2014/03/stable-channel-update_14.html
설치 파일 내려받기 - http://www.google.com/intl/ko/chrome/browser/
728x90
'취약점 정보1' 카테고리의 다른 글
| PostgreSQL class C vulnerability in core server: CVE-2014-0062 (0) | 2014.04.09 |
|---|---|
| PostgreSQL class C vulnerability in core server, ECPG: CVE-2014-0063 (0) | 2014.04.09 |
| open ssl 업데이트 권고 (0) | 2014.04.09 |
| 어도비 업데이트 권고 (0) | 2014.04.09 |
| iptime 업데이트 권고 (0) | 2014.04.09 |