
벌새::Security

Update: Google Chrome 14.0.835.163

Google has released the stable version of Google Chrome 14.0.835.163, its open-source-based web browser.

This Google Chrome 14 stable release includes two important technologies that let developers build more powerful web apps and games.
  • The Web Audio API enables developers to add fancy audio effects such as room simulation and spatialization.
  • Native Client is an open-source technology which allows C and C++ code to be seamlessly and securely executed inside the browser. Currently, Native Client only supports applications listed in the Chrome Web Store, but we are working to remove this limitation as soon as possible.
It also includes several changes for users running the Google Chrome web browser on Mac OS X Lion.

On the security side, a total of 32 security issues were fixed: 15 rated High, 10 rated Medium, and 7 rated Low.

1. High severity

  1. CVE-2011-2834 : Double free in libxml XPath handling.
  2. CVE-2011-2835 : Race condition in the certificate cache.
  3. CVE-2011-2839 : Crash in v8 script object wrappers.
  4. CVE-2011-2841 : Garbage collection error in PDF.
  5. CVE-2011-2846 : Use-after-free in unload event handling.
  6. CVE-2011-2847 : Use-after-free in document loader.
  7. CVE-2011-2852 : Off-by-one in v8.
  8. CVE-2011-2853 : Use-after-free in plug-in handling.
  9. CVE-2011-2854 : Use-after-free in ruby / table style handling.
  10. CVE-2011-2855 : Stale node in stylesheet handling.
  11. CVE-2011-2856 : Cross-origin bypass in v8.
  12. CVE-2011-2857 : Use-after-free in focus controller.
  13. CVE-2011-2860 : Use-after-free in table style handling.
  14. CVE-2011-2862 : Unintended access to v8 built-in objects.
  15. CVE-2011-2875 : Type confusion in v8 object sealing.

2. Medium severity


  1. CVE-2011-2843 : Out-of-bounds read with media buffers.
  2. CVE-2011-2844 : Out-of-bounds read with mp3 files.
  3. CVE-2011-2848 : URL bar spoof with forward button.
  4. CVE-2011-3234 : Out-of-bounds read in box handling.
  5. CVE-2011-2850 : Out-of-bounds read with Khmer characters.
  6. CVE-2011-2851 : Out-of-bounds read in video handling.
  7. CVE-2011-2858 : Out-of-bounds read with triangle arrays.
  8. CVE-2011-2859 : Incorrect permissions assigned to non-gallery pages.
  9. CVE-2011-2861 : Bad string read in PDF.
  10. CVE-2011-2864 : Out-of-bounds read with Tibetan characters.

3. Low severity


  1. CVE-2011-2836 : Infobar the Windows Media Player plug-in to avoid click-free access to the system Flash.
  2. CVE-2011-2837 : Use PIC / pie compiler flags. (Linux operating system)
  3. CVE-2011-2838 : Treat MIME type more authoritatively when loading plug-ins.
  4. CVE-2011-2840 : Possible URL bar spoofs with unusual user interaction.
  5. CVE-2011-2842 : Insecure lock file handling in the Mac installer. (Mac operating system)
  6. CVE-2011-2849 : Browser NULL pointer crash with WebSockets.
  7. CVE-2011-2874 : Failure to pin a self-signed cert for a session.

Anyone using the Google Chrome web browser should be sure to update to the latest version before using the Internet.
