Google shells out $10,000 to fix 10 high-risk Chrome browser flaws

The new Google Chrome version 14.0.835.202 also contains Adobe Flash Player 11, a software update that includes several security and privacy goodies.

Google has shipped another Chrome browser update with fixes for several "high-risk" security vulnerabilities that expose Windows, Mac OS X and Linux users to malicious hacker attacks.

The new Google Chrome version 14.0.835.202 also contains Adobe Flash Player 11, a software update that includes several security and privacy goodies.

As part of its bug bounty program, Google spent about $10,000 to buy the rights to the vulnerability information from security researchers.

Details on the vulnerabilities:

  • [$1000] High CVE-2011-2876: Use-after-free in text line box handling. Credit to miaubiz.
  • [$1000] High CVE-2011-2877: Stale font in SVG text handling. Credit to miaubiz.
  • [$2000] High CVE-2011-2878: Inappropriate cross-origin access to the window prototype. Credit to Sergey Glazunov.
  • [96150] High CVE-2011-2879: Lifetime and threading issues in audio node handling. Credit to Google Chrome Security Team (Inferno).
  • [$4500] High CVE-2011-2880: Use-after-free in the v8 bindings. Credit to Sergey Glazunov.
  • [$1500] High CVE-2011-2881: Memory corruption with v8 hidden objects. Credit to Sergey Glazunov.
  • [98089] Critical CVE-2011-3873: Memory corruption in shader translator. Credit to Zhenyao Mo of the Chromium development community.

This latest Chrome patch is being delivered via the browser's silent update mechanism.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All
See All