Google Fixes Five Bugs in Chrome 18

Google has fixed five security vulnerabilities in its Chrome browser, including three high-severity flaws. One of the less-severe vulnerabilities fixed in Chrome 18 is a race condition in the browser’s sandbox.

This round of patches in Chrome is one of the rare occasions when the company didn’t have to pay out much in the way of rewards to researchers who reported vulnerabilities. Only one bug, a use-after-free flaw, earned a reward. That was a $1,000 payout for a researcher named Miaubiz, who has earned quite a number of bug bounties from Google in the last couple of years.

The flaw reported by Miaubiz is one of the three high-severity vulnerabilities fixed in this version of Chrome. The other two are also use-after-free flaws, one in the XML parser and the other in floats handling.

Here’s the full list of fixes in Chrome 18:

• [106413] High CVE-2011-3078: Use after free in floats handling. Credit to Google Chrome Security Team (Marty Barbella) and independent later discovery by miaubiz.
• [117110] High CVE-2012-1521: Use after free in xml parser. Credit to Google Chrome Security Team (SkyLined) and independent later discovery by wushi of team509 reported through iDefense VCP (V-874rcfpq7z).
• [117627] Medium CVE-2011-3079: IPC validation failure. Credit to PinkiePie.
• [121726] Medium CVE-2011-3080: Race condition in sandbox IPC. Credit to Willem Pinckaers of Matasano.
• [$1000] [121899] High CVE-2011-3081: Use after free in floats handling.