Google Introduced Fixes For “High-Risk” Security Holes In Its Chrome Browser

Google has shelled out another $7,000 in bounties to acquire and fix multiple high-risk security holes in its Chrome browser and Google Chrome version 12.0.742.112 addresses security vulnerabilities that expose users to remote code execution attacks. Chrome Stable channel has been updated to 12.0.742.112 for all platforms and contains an updated version of Adobe Flash……….

 

Arriving as the second security patch Google has released for its web browser in June, the 12.0.742.112 update delivers solutions for six flaws rated as high where associated risk factor is concerned and this is a maintenance and security update for the Windows, Mac OS X and Linux versions, as well as Chrome Frame for Internet Explorer. The update addresses a total of seven vulnerabilities, six of which are rated as high-risk. The update to the current stable edition of Chrome, Chrome 12, corrects three use-after-free errors, a memory corruption issue in CSS parsing, a bad bounds check in the V8 JavaScript engine and lifetime and re-entrancy issues in the HTML parser. A medium-risk out-of-bounds read problem in NPAPI string handling was also fixed. Google paid out $6,000 as part of its Chromium Security Reward programme for reports of the vulnerabilities fixed in this version. As per Google policy, further details of the vulnerabilities are being withheld until it believes a majority of users have the update installed. All users are encouraged to update to the latest release as soon as possible. Users who currently have Chrome installed can use the built-in update function by clicking Tools, selecting About Google Chrome and clicking the Update button or you can download google chrome web browser: here.

 

The Security Fixes:

  • [$1000] [77493] Medium CVE-2011-2345: Out-of-bounds read in NPAPI string handling. Credit to Philippe Arteau.
  • [$1000] [84355] High CVE-2011-2346: Use-after-free in SVG font handling. Credit to miaubiz.
  • [$1000] [85003] High CVE-2011-2347: Memory corruption in CSS parsing. Credit to miaubiz.
  • [$500] [85102] High CVE-2011-2350: Lifetime and re-entrancy issues in the HTML parser. Credit to miaubiz.
  • [$500] [85177] High CVE-2011-2348: Bad bounds check in v8. Credit to Aki Helin of OUSPG.
  • [$1000] [85211] High CVE-2011-2351: Use-after-free with SVG use element. Credit to miaubiz.
  • [$1000] [85418] High CVE-2011-2349: Use-after-free in text selection. Credit to miaubiz.

 

Thanks: (1),(2)

 [ttjad keyword=”general”]

Leave a Reply