Google’s Chrome team has announced the release of Chrome 24, updated for Mac OS X and other operating systems, resolving 24 security flaws. Chrome version 24.0.1312.52 includes 21 security fixes for flaws affecting Macs (11 high-level vulnerabilities, eight medium-level vulnerabilities, and two low-level bugs). This build also contains an update to Adobe Flash Player (18.104.22.168). You can find the security details for Flash Player here.
The Chrome team awarded $6,000 in cash to the security researchers who provided information about the flaws covered in this software update. The following flaws were fixed in Chrome 24 for Mac OS X:
- CVE-2012-5145: Use-after-free in SVG layout.
- CVE-2012-5146: Same origin policy bypass with malformed URL.
- CVE-2012-5147: Use-after-free in DOM handling.
- CVE-2012-5148: Missing filename sanitization in hyphenation support.
- CVE-2012-5149: Integer overflow in audio IPC handling.
- CVE-2012-5150: Use-after-free when seeking video.
- CVE-2012-5152: Out-of-bounds read when seeking video.
- CVE-2012-5153: Out-of-bounds stack access in v8.
- CVE-2012-5155: Missing Mac sandbox for worker processes.
- CVE-2012-5156: Use-after-free in PDF fields.
- CVE-2012-5157: Out-of-bounds reads in PDF image handling.
- CVE-2013-0828: Bad cast in PDF root handling.
- CVE-2013-0829: Corruption of database metadata leading to incorrect file access.
- CVE-2013-0831: Possible path traversal from extension process.
- CVE-2013-0832: Use-after-free with printing.
- CVE-2013-0833: Out-of-bounds read with printing.
- CVE-2013-0834: Out-of-bounds read with glyph handling.
- CVE-2013-0835: Browser crash with geolocation.
- CVE-2013-0836: Crash in v8 garbage collection.
- CVE-2013-0837: Crash in extension tab handling.
Google’s Chrome web browser updates automatically, so users will get the security updates after launching the software. If you don’t use Google Chrome, you can try it out by installing the newest version here.