Chrome Bugs Patched

Thursday, August 4, 2011 @ 05:08 PM gHale

Chrome earned some patches and its parent, Google, fixed 30 vulnerabilities.

The company packaged the patches with an update to Chrome 13, adding Instant Pages to the “stable” channel of the browser. The feature, which Google earlier tucked into Chrome 13 previews, pre-loads some search results to speed up browsing.

Nontraditional Trojan Distribution
Fraud Foray Fools Phishing Filter
Microsoft Updates Rootkit Removal Plan
‘Indestructible’ Botnet Making Rounds

Google last upgraded Chrome’s stable build in early June. Like Mozilla, which this year shifted to a rapid-release schedule, Google produces an update about every six-to-eight weeks.

Fourteen of the 30 vulnerabilities patched fell under the “high” moniker, the second-most-serious ranking in Google’s four-step scoring system, while nine were “medium” and the remaining seven were “low.”

None of the flaws were “critical,” the category usually reserved for bugs that may allow an attacker to escape Chrome’s anti-exploit sandbox. Google has patched several critical bugs this year, the last time in April.

Most of the vulnerabilities rated as a high threat — nine of the 14 — were “use-after-free” bugs, a type of memory management flaw that an attacker could exploit to inject attack code.

Google locked down the Chrome bug-tracking database for the 30 vulnerabilities to prevent outsiders from obtaining details on the underlying flaws. The company bars the public from the database to give users time to update, sometimes waiting months before lifting the embargo.

Leave a Reply

You must be logged in to post a comment.