Chrome 17 Patches Security Holes

Friday, March 23, 2012 @ 06:03 PM gHale

Google released version 17.0.963.83 of its Chrome web browser, a maintenance update that closes several security holes and fixes issues with Flash games.

The Stable channel update addresses nine vulnerabilities, six of which rate as “high severity.”

Browsers hit with Framesniffing
Chrome Attack Trap Falls Flat
Browsers Fall in Hacking Contest
Chrome Falls, IE Follows

These include an integer issue in libpng (the official PNG reference library), a memory corruption problem in WebGL canvas handling and a cross-origin violation related to “magic iframe,” as well as use-after-free errors in first-letter handling, CSS cross-fade handling and block splitting. One medium-risk invalid read in the V8 JavaScript engine and two low-risk problems related to WebUI privileges and unpacked extension installation are also in the clear.

As part of its Chromium Security Vulnerability Rewards program, Google paid security researchers $5,500 for discovering and reporting the holes. The company is withholding any additional details about the vulnerabilities until “a majority of users are up-to-date with the fix.”

The developers also note they fixed a low severity issue related to the extension web request API in a previous release.

Further information about the update is on the Google Chrome Releases blog. Chrome 17.0.963.83 is available to download from for Windows, Mac OS X and Linux; alternatively, existing users can upgrade using the built-in update function.

Leave a Reply

You must be logged in to post a comment.