Chrome Update Fills in Holes

Tuesday, November 15, 2011 @ 10:11 PM gHale


Google’s version 15.0.874.120 of Chrome is the maintenance and security update to the WebKit-based browser that upgrades the V8 JavaScript engine to version 3.5.10.23, which addresses several vulnerabilities, and includes the recent Flash Player 11.1 release, which also closes critical security holes.

The update fixes five “high-risk” bugs: A heap overflow in the Ogg Vorbis decoder, a double free issue in the Theora decoder and a memory corruption regression in VP8 decoding, as well as a use-after-free error and a buffer overflow in shader variable mapping.

RELATED STORIES
Adobe Patches 12 Critical Flash Holes
Firefox 8 Patches 8 Bugs
Zeus Now Using Autorun
Old Becomes New: DLL Loading is Back

The company also patched up two medium-risk out of bounds reads in MKV and Ogg vorbis media handlers, and a low-risk issue that caused JRE7 to fail to ask for permission to run applets. Further details of the vulnerabilities remain undisclosed until “a majority of users are up-to-date with the fix”.

More information about the update is on a post on the Google Chrome Releases blog. Chrome 15.0.874.120 for Windows, Mac OS X, Linux and Chrome Frame is available to download from google.com/chrome. Users who currently have Chrome installed can use the built-in update function.



Leave a Reply

You must be logged in to post a comment.