Google’s Chrome patches 12 ‘high risk’ security vulnerabilities

By Dancho Danchev

Yesterday, Google updated its Chrome browser to 18.0.1025.151 on Windows, Mac, Linux and Chrome Frame.

In addition to fixing multiple usability bugs, the latest update also patches numerous vulnerabilities reported through Google’s security bug bounty program.

More details:

The following ‘high risk’ security flaws were patched:

  • [106577] [$500] Medium CVE-2011-3066: Out-of-bounds read in Skia clipping. Credit to miaubiz.
  • [117583] Medium CVE-2011-3067: Cross-origin iframe replacement. Credit to Sergey Glazunov.
  • [117698] [$1000] High CVE-2011-3068: Use-after-free in run-in handling. Credit to miaubiz.
  • [117728] [$1000] High CVE-2011-3069: Use-after-free in line box handling. Credit to miaubiz.
  • [118185] High CVE-2011-3070: Use-after-free in v8 bindings. Credit to Google Chrome Security Team (SkyLined).
  • [118273] High CVE-2011-3071: Use-after-free in HTMLMediaElement. Credit to pa_kt, reporting through HP TippingPoint ZDI (ZDI-CAN-1528).
  • [118467] Low CVE-2011-3072: Cross-origin violation parenting pop-up window. Credit to Sergey Glazunov.
  • [118593] [$1000] High CVE-2011-3073: Use-after-free in SVG resource handling. Credit to Arthur Gerkis.
  • [119281] [$500] Medium CVE-2011-3074: Use-after-free in media handling. Credit to Sławomir Błażek.
  • [119525] [$1000] High CVE-2011-3075: Use-after-free applying style command. Credit to miaubiz.
  • [120037] [$1000] High CVE-2011-3076: Use-after-free in focus handling. Credit to miaubiz.
  • [120189] Medium CVE-2011-3077: Read-after-free in script bindings. Credit to Google Chrome Security Team (Inferno).

The latest version of Chrome also includes the latest version of the recently patched Adobe Flash Player.

Webroot advises end users and corporate users to update to the latest version immediately.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.

One thought on “Google’s Chrome patches 12 ‘high risk’ security vulnerabilities”

  1. I like Chrome but think it is flawed for a security weakness which it would be irresponsible of me to detail here publicly. I have told this to one of their staff. Chrome is great for browsing but I keep logged out except for when I need to change a setting and use Firefox for emails, calendar etc which are account focused.
