Chrome 12 update closes "high-risk" holes
Google has released version 12.0.742.112 of its Chrome web browser, a maintenance and security update for the Windows, Mac OSÂ X and Linux versions, as well as Chrome Frame for Internet Explorer. According to Google, the update addresses a total of seven vulnerabilities, six of which are rated as 'high-risk'.
The update to the current stable edition of Chrome, Chrome 12, corrects three use-after-free errors, a memory corruption issue in CSS parsing, a bad bounds check in the V8 JavaScript engine and lifetime and re-entrancy issues in the HTML parser. A medium-risk out-of-bounds read problem in NPAPI string handling was also fixed.
Google paid out $6,000 as part of its Chromium Security Reward programme for reports of the vulnerabilities fixed in this version. As per Google policy, further details of the vulnerabilities are being withheld until it believes a majority of users have the update installed. All users are encouraged to update to the latest release as soon as possible. Users who currently have Chrome installed can use the built-in update function by clicking Tools, selecting About Google Chrome and clicking the Update button.
Information about the update, including a more detailed list of security fixes, can be found in a post on the Google Chrome Releases blog. Chrome 12.0.742.112 is also available to download for Windows, Mac OS X and Linux from google.com/chrome.
See also:
- Chrome extension shows up bad JavaScript, a report from The H.
- Google hardens Chrome 13 and 14, a report from The H.
(crve)