Apr
29
2011

Google Chrome 11 Fixes Flurry of Vulnerabilities

Google has released version 11.0.696.57 of its Google browser which addresses a large number of vulnerabilities and sets a new record for the amount of money paid to security researchers as reward in a single update.
A total number of 27 vulnerabilities were patched in this release, 18 of which are rated with high severity, 6 with medium and 3 with low.

Regular Chrome security contributors Sergey Glazunov, miaubiz and kuzzcc are credited with discovering three vulnerabilities each which earned them $4,000, $2,000 and $4,000 respectively.
The total payout for this release was $16,500, which exceeds the previous records set by Chrome 8.0.552.334 in February when researchers earned $14,500.
There were no special $1,337 or $3,133.7 rewards associated with this release, but there were many $1,000, $1,500 and $2,000 ones suggesting that researchers also helped fix the bugs they found.
Five of the patched vulnerabilities were discovered by members of the Chromium development community or Google’s own security team.
We would also like to thank miaubiz, kuzzcc, Slawomir Blazek, Drew Yao and Braden Thomas of Apple Product Security and Christian Hollier for working with us during the development cycle and helping prevent bugs from ever reaching the stable channel,” Google added.

A complete list of addressed vulnerabilities ordered by severity reads as follows:

· Low CVE-2011-1304: Pop-up block bypass via plug-ins.
· Low CVE-2011-1450: Dangling pointers in file dialogs.
· Low CVE-2011-1436: Possible browser crash due to bad interaction with X.
· Medium CVE-2011-1305: Linked-list race in database handling.
· Medium CVE-2011-1434: Lack of thread safety in MIME handling.
· Medium CVE-2011-1435: Bad extension with ‘tabs’ permission can capture local files.
· Medium CVE-2011-1445: Out-of-bounds read in SVG.
· Medium CVE-2011-1452: URL bar spoof with redirect and manual reload.
· Medium CVE-2011-1455: Out-of-bounds read with multipart-encoded PDF.
· High CVE-2011-1303: Stale pointer in floating object handling.
· High CVE-2011-1437: Integer overflows in float rendering.
· High CVE-2011-1438: Same origin policy violation with blobs.
· High CVE-2011-1439: Prevent interference between renderer processes.
· High CVE-2011-1440: Use-after-free with <ruby> tag and CSS.
· High CVE-2011-1441: Bad cast with floating select lists.
· High CVE-2011-1442: Corrupt node trees with mutation events.
· High CVE-2011-1443: Stale pointers in layering code.
· High CVE-2011-1444: Race condition in sandbox launcher.
· High CVE-2011-1446: Possible URL bar spoofs with navigation errors and interrupted loads.
· High CVE-2011-1447: Stale pointer in drop-down list handling.
· High CVE-2011-1448: Stale pointer in height calculations.
· High CVE-2011-1449: Use-after-free in WebSockets.
· High CVE-2011-1451: Dangling pointers in DOM id map.
· High CVE-2011-1454: Use-after-free in DOM id handling.
· High CVE-2011-1456: Stale pointers with PDF forms.

In addition to security fixes Chrome also contains a many improvements and new features like speech input through HTML which allows users to translate what they’re speaking.

The latest version Google Chrome for Windows can be downloaded from here.
The latest version Google Chrome for Linux can be downloaded from here.
The latest version Google Chrome for Mac can be downloaded from here.

Comments

comments

Leave a comment

Categories

September 2017
M T W T F S S
« Sep    
 123
45678910
11121314151617
18192021222324
252627282930