
벌새::Security

Update: Google Chrome 13.0.782.107

The stable release of Google Chrome 13.0.782.107, the open-source-based web browser provided by Google, is now available.

Google Chrome 13 fixes more than 5,200 bugs and adds a new Prerendering technology that loads pages faster when you click a search result from the Google.com search engine.

It also fixes security vulnerabilities rated High (14), Medium (9), and Low (7).

1. High severity


  1. CVE-2011-2359 : Stale pointer due to bad line box tracking in rendering.
  2. CVE-2011-2790 : Use-after-free with floating styles.
  3. CVE-2011-2791 : Out-of-bounds write in ICU.
  4. CVE-2011-2792 : Use-after-free with float removal.
  5. CVE-2011-2793 : Use-after-free in media selectors.
  6. CVE-2011-2796 : Use-after-free in Skia.
  7. CVE-2011-2797 : Use-after-free in resource caching.
  8. CVE-2011-2799 : Use-after-free in HTML range handling.
  9. CVE-2011-2801 : Use-after-free in frame loader.
  10. CVE-2011-2802 : v8 crash with const lookups.
  11. CVE-2011-2804 : PDF crash with nested functions.
  12. CVE-2011-2805 : Cross-origin script injection.
  13. CVE-2011-2818 : Use-after-free in display box rendering.
  14. CVE-2011-2819 : Cross-origin violation in base URI handling.

2. Medium severity


  1. CVE-2011-2358 : Always confirm an extension install via a browser dialog.
  2. CVE-2011-2782 : File permissions error with drag and drop. (Linux)
  3. CVE-2011-2783 : Always confirm a developer mode NPAPI extension install via a browser dialog.
  4. CVE-2011-2787 : Browser crash due to GPU lock re-entrancy issue.
  5. CVE-2011-2789 : Use after free in Pepper plug-in instantiation.
  6. CVE-2011-2794 : Out-of-bounds read in text iteration.
  7. CVE-2011-2795 : Cross-frame function leak.
  8. CVE-2011-2800 : Leak of client-side redirect target.
  9. CVE-2011-2803 : Out-of-bounds read in Skia paths.

3. Low severity


  1. CVE-2011-2360 : Potential bypass of dangerous file prompt.
  2. CVE-2011-2361 : Improve designation of strings in the basic auth dialog.
  3. CVE-2011-2784 : Local file path disclosure via GL program log.
  4. CVE-2011-2785 : Sanitize the homepage URL in extensions.
  5. CVE-2011-2786 : Make sure the speech input bubble is always on-screen.
  6. CVE-2011-2788 : Buffer overflow in inspector serialization.
  7. CVE-2011-2798 : Prevent a couple of internal schemes from being web accessible.

If you use this web browser, be sure to update to the latest version before using the Internet.