Stable Channel Update
Monday, March 4, 2013
The Stable channel has been updated to 25.0.1364.152 for Windows and Linux. Note: these release notes also apply to the same version for Mac that was released last Friday. This release contains security and stability improvements along with a number of bug fixes.
Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
Jason Kersey
Google Chrome
Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
- [$1000] [176882] High CVE-2013-0902: Use-after-free in frame loader. Credit to Chamal de Silva.
- [$1000] [176252] High CVE-2013-0903: Use-after-free in browser navigation handling. Credit to “chromium.khalil”.
- [$2000] [172926] [172331] High CVE-2013-0904: Memory corruption in Web Audio. Credit to Atte Kettunen of OUSPG.
- [$1000] [168982] High CVE-2013-0905: Use-after-free with SVG animations. Credit to Atte Kettunen of OUSPG.
- [174895] High CVE-2013-0906: Memory corruption in Indexed DB. Credit to Google Chrome Security Team (Jüri Aedla).
- [174150] Medium CVE-2013-0907: Race condition in media thread handling. Credit to Andrew Scherkus of the Chromium development community.
- [174059] Medium CVE-2013-0908: Incorrect handling of bindings for extension processes.
- [173906] Low CVE-2013-0909: Referer leakage with XSS Auditor. Credit to Egor Homakov.
- [172573] Medium CVE-2013-0910: Mediate renderer -> browser plug-in loads more strictly. Credit to Google Chrome Security Team (Chris Evans).
- [172264] High CVE-2013-0911: Possible path traversal in database handling. Credit to Google Chrome Security Team (Jüri Aedla).
Jason Kersey
Google Chrome