Google Fixes Chrome Vulnerabilities

Tuesday, March 6, 2012 @ 02:03 PM gHale


Google released a new variant of Chrome Stable 17 to address important vulnerabilities that may have affected the safety of users.

Chrome Stable 17.0.963.65 addresses 14 high-severity flaws which include use-after-free issues in the v8 element wrapper, in SVG value handling, in SVG document handling, in SVG use handling, in multi-column handling, in quote handling, in flexbox with floats, in class attribute handling, in table section handling, and with SVG animation elements.

RELATED STORIES
Mozilla Shuts Vital Security Hole
Google Secures Chrome 17
Chrome Loses SSL Query Capability
Mozilla Closes Product Suite Holes

Other security holes include an out-of-bounds read in text handling, bad casts in anonymous block splitting and in-line box handling, and a buffer overflow in the Skia drawing library.

Security researcher Chamal de Silva discovered the use-after-free in the v8 element wrapping vulnerability and earned $1,000 (750 EUR) for his contribution to Chrome’s security.

The other weaknesses reported by miaubiz, Arthur Gerkis, and Aki Helin of OUSPG. Besides the rewards for finding the individual bugs, the experts also picked up an extra $10,000 (7,500 EUR) each, for their contributions to Google in the past months.

“We have always reserved the right to arbitrarily reward sustained, extraordinary contributions. In this instance, we’re dropping a surprise bonus,” Google said.

“We reserve the right to do so again and reserve the right to do so on a more regular basis! Chrome has a leading reputation for security and it wouldn’t be possible without the aggressive bug hunting of the wider community.”

Chrome is advising users to update to the latest version.



Leave a Reply

You must be logged in to post a comment.