Lucene search

K
threatpostDennis FisherTHREATPOST:5DDDBD5ED252961A4844AC06D972C194
HistoryOct 04, 2011 - 7:00 p.m.

Google Fixes Seven Flaws in New Chrome 14 Release

2011-10-0419:00:35
Dennis Fisher
threatpost.com
17

0.018 Low

EPSS

Percentile

88.3%

Chrome patchGoogle has fixed seven security vulnerabilities in its Chrome browser with a new release on Tuesday. Six of the bugs fixed in Chrome are rated high, with just one listed as critical. The company paid out $10,000 in bounties for the bugs it fixed in this release.

In addition to the security fixes, Google also included an updated version of the Flash player in Chrome, eliminating some security issues with the older version. The new version of Chrome is available for Windows, Mac OS X, Linux and Chrome Frame. Google also is working on a fix for the issue caused by Microsoftโ€™s Security Essentials anti-malware program mistakenly identifying the browser file as a piece of malware, but itโ€™s not clear whether that fix is included in the release of Chrome 14.0.835.202.

The one critical vulnerability fixed in the browser is a memory corruption bug in the shader translator in Chrome.

The list of security fixes includes:

  • [$1000] [93788] High CVE-2011-2876: Use-after-free in text line box handling. Credit to miaubiz.
  • [$1000] [95072] High CVE-2011-2877: Stale font in SVG text handling. Credit to miaubiz.
  • [$2000] [95671] High CVE-2011-2878: Inappropriate cross-origin access to the window prototype. Credit to Sergey Glazunov.
  • [96150] High CVE-2011-2879: Lifetime and threading issues in audio node handling. Credit to Google Chrome Security Team (Inferno).
  • [$4500] [97451] [97520] [97615] High CVE-2011-2880: Use-after-free in the v8 bindings. Credit to Sergey Glazunov.
  • [$1500] [97784] High CVE-2011-2881: Memory corruption with v8 hidden objects. Credit to Sergey Glazunov.
  • [98089] Critical CVE-2011-3873: Memory corruption in shader translator. Credit to Zhenyao Mo of the Chromium development community.

0.018 Low

EPSS

Percentile

88.3%