Google shells out $10,000 to fix 10 high-risk Chrome browser flaws

Summary:The new Google Chrome version 14.0.835.202 also contains Adobe Flash Player 11, a software update that includes several security and privacy goodies.

Google has shipped another Chrome browser update with fixes for several "high-risk" security vulnerabilities that expose Windows, Mac OS X and Linux users to malicious hacker attacks.

The new Google Chrome version 14.0.835.202 also contains Adobe Flash Player 11, a software update that includes several security and privacy goodies.

As part of its bug bounty program, Google spent about $10,000 to buy the rights to the vulnerability information from security researchers.

Details on the vulnerabilities:

  • [$1000] High CVE-2011-2876: Use-after-free in text line box handling. Credit to miaubiz.
  • [$1000] High CVE-2011-2877: Stale font in SVG text handling. Credit to miaubiz.
  • [$2000] High CVE-2011-2878: Inappropriate cross-origin access to the window prototype. Credit to Sergey Glazunov.
  • [96150] High CVE-2011-2879: Lifetime and threading issues in audio node handling. Credit to Google Chrome Security Team (Inferno).
  • [$4500] High CVE-2011-2880: Use-after-free in the v8 bindings. Credit to Sergey Glazunov.
  • [$1500] High CVE-2011-2881: Memory corruption with v8 hidden objects. Credit to Sergey Glazunov.
  • [98089] Critical CVE-2011-3873: Memory corruption in shader translator. Credit to Zhenyao Mo of the Chromium development community.

This latest Chrome patch is being delivered via the browser's silent update mechanism.

Topics: Security, Browser, Google

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.