Google has fixed a couple of security vulnerabilities in its Chrome browser, including a high-risk use-after-free bug and a problem in the way that the Apple OS X driver for some Intel GPUs handles rendering.
The biggest fix in Chrome 23 is a patch for the use-after-free vulnerability in the Chrome SVG filters. That vulnerability brought home a $1,000 reward for Miaubiz, a frequent contributor to Google’s bug bounty program. The company also repaired a buffer underflow in libxml, a medium-risk vulnerability that earned a researcher named Atte Kettunen a $500 reward.
Google has recently been handing out rewards to researchers who report vulnerabilities in non-Chrome components, and this time around one of those went to a researcher named Justin Drake, who found the rendering problem in the OS X driver for Intel GPUs.
Here’s the full list of bugs fixed in Chrome 23.0.1271.91:
And back to your regular scheduled rewards:
[$1000] [156567] High CVE-2012-5133: Use-after-free in SVG filters. Credit to miaubiz.