Google Chrome 22.0.1229.79

  • Mouse Lock API availability for Javascript
  • Additional Windows 8 enhancements
  • Continued polish for users of HiDPI/Retina screens
You can find out more about Chrome 22 on the Official Chrome Blog.
Security fixes and rewards:

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

Occasionally, we issue special rewards for bugs outside of Chrome, particularly where the bug is very severe and/or we are able to partially work around the issue:

  • [$5000] [146254] Critical CVE-2012-2897: Windows kernel memory corruption. Credit to Eetu Luodemaa and Joni Vähämäki, both from Documill.


And back to your regular scheduled rewards, including some at the new higher levels:

  • [$10000] [143439] High CVE-2012-2889: UXSS in frame handling. Credit to Sergey Glazunov.
  • [$5000] [143437] High CVE-2012-2886: UXSS in v8 bindings. Credit to Sergey Glazunov.
  • [$2000] [139814] High CVE-2012-2881: DOM tree corruption with plug-ins. Credit to Chamal de Silva.
  • [$1000] [135432] High CVE-2012-2876: Buffer overflow in SSE2 optimizations. Credit to Atte Kettunen of OUSPG.
  • [$1000] [140803] High CVE-2012-2883: Out-of-bounds write in Skia. Credit to Atte Kettunen of OUSPG.
  • [$1000] [143609] High CVE-2012-2887: Use-after-free in onclick handling. Credit to Atte Kettunen of OUSPG.
  • [$1000] [143656] High CVE-2012-2888: Use-after-free in SVG text references. Credit to miaubiz.
  • [$1000] [144899] High CVE-2012-2894: Crash in graphics context handling. Credit to Sławomir Błażek.
  • [Mac only] [$1000] [145544] High CVE-2012-2896: Integer overflow in WebGL. Credit to miaubiz.
  • [$500] [137707] Medium CVE-2012-2877: Browser crash with extensions and modal dialogs. Credit to Nir Moshe.
  • [$500] [139168] Low CVE-2012-2879: DOM topology corruption. Credit to pawlkt.
  • [$500] [141651] Medium CVE-2012-2884: Out-of-bounds read in Skia. Credit to Atte Kettunen of OUSPG.
  • [132398] High CVE-2012-2874: Out-of-bounds write in Skia. Credit to Google Chrome Security Team (Inferno).
  • [134955] [135488] [137106] [137288] [137302] [137547] [137556] [137606] [137635] [137880] [137928] [144579] [145079] [145121] [145163] [146462] Medium CVE-2012-2875: Various lower severity issues in the PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team.
  • [137852] High CVE-2012-2878: Use-after-free in plug-in handling. Credit to Fermin Serna of Google Security Team.
  • [139462] Medium CVE-2012-2880: Race condition in plug-in paint buffer. Credit to Google Chrome Security Team (Cris Neckar).
  • [140647] High CVE-2012-2882: Wild pointer in OGG container handling. Credit to Google Chrome Security Team (Inferno).
  • [142310] Medium CVE-2012-2885: Possible double free on exit. Credit to the Chromium development community.
  • [143798] [144072] [147402] High CVE-2012-2890: Use-after-free in PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team.
  • [144051] Low CVE-2012-2891: Address leak over IPC. Credit to Lei Zhang of the Chromium development community.
  • [144704] Low CVE-2012-2892: Pop-up block bypass. Credit to Google Chrome Security Team (Cris Neckar).
  • [144799] High CVE-2012-2893: Double free in XSL transforms. Credit to Google Chrome Security Team (Cris Neckar).
  • [145029] [145157] [146460] High CVE-2012-2895: Out-of-bounds writes in PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s