Google Fixes Chrome Vulnerabilities

Wednesday, March 6, 2013 @ 02:03 PM gHale


Google updated the stable channel of Chrome to 25.0.1364.152, which fixes 10 vulnerabilities, including six high-severity issues.

Two of the high-severity security holes – a use-after-free with SVG animations, and a memory corruption in Web Audio – ended up discovered by Atte Kettunen of OUSPG. For his findings, Google awarded the researcher with $3000.

RELATED STORIES
Chrome 25 Fixes Vulnerabilities
Security Fixes; PDF Viewer in Firefox 19
Firefox: Silent Add-ons Possible
New Opera Release Fixes Holes

Other high-severity security flaws include a use-after-free in frame loader discovered by Chamal de Silva, and a use-after-free in browser navigation handling found by “chromium.khalil.”

Jüri Aedla, of the Google Chrome Security Team, uncovered a possible path traversal in database handling and a memory corruption in Indexed DB, both assessed as being high-risk vulnerabilities.

In addition to these security holes, members of the Google Chrome Security Team and the Chromium development community found three medium-severity issues.

Russian security expert Egor Homakov reported a referer leakage with XSS Auditor.



Leave a Reply

You must be logged in to post a comment.