Google Chrome 19 is out

Google Chrome 19 is out

Summary: Google Chrome version 19.0.1084.46 is out, fixing 20 security vulnerabilities in the company's browser: eight high-severity flaws, seven medium-severity flaws, and five low-severity flaws.

SHARE:

Google today released Chrome version 19. On the security side, the new version fixes 20 vulnerabilities: eight high-severity flaws, seven medium-severity flaws, and five low-severity flaws. You can update to the latest version using the software's built-in silent updater, or you can download the latest version of Chrome directly from google.com/chrome.

Here are the 20 security vulnerabilities fixed in Google Chrome 19.0.1084.46 (for full details, check out the SVN log):

  • [112983] Low CVE-2011-3083: Browser crash with video + FTP. Credit to Aki Helin of OUSPG.
  • [113496] Low CVE-2011-3084: Load links from internal pages in their own process. Credit to Brett Wilson of the Chromium development community.
  • [118374] Medium CVE-2011-3085: UI corruption with long autofilled values. Credit to “psaldorn”.
  • [$1000] [118642] High CVE-2011-3086: Use-after-free with style element. Credit to Arthur Gerkis.
  • [118664] Low CVE-2011-3087: Incorrect window navigation. Credit to Charlie Reis of the Chromium development community.
  • [$500] [120648] Medium CVE-2011-3088: Out-of-bounds read in hairline drawing. Credit to Aki Helin of OUSPG.
  • [$1000] [120711] High CVE-2011-3089: Use-after-free in table handling. Credit to miaubiz.
  • [$500] [121223] Medium CVE-2011-3090: Race condition with workers. Credit to Arthur Gerkis.
  • [121734] High CVE-2011-3091: Use-after-free with indexed DB. Credit to Google Chrome Security Team (Inferno).
  • [$1000] [122337] High CVE-2011-3092: Invalid write in v8 regex. Credit to Christian Holler.
  • [$500] [122585] Medium CVE-2011-3093: Out-of-bounds read in glyph handling. Credit to miaubiz.
  • [122586] Medium CVE-2011-3094: Out-of-bounds read in Tibetan handling. Credit to miaubiz.
  • [$1000] [123481] High CVE-2011-3095: Out-of-bounds write in OGG container. Credit to Hannu Heikkinen.
  • [Linux only] [123530] Low CVE-2011-3096: Use-after-free in GTK omnibox handling. Credit to Arthur Gerkis.
  • [123733] [124182] High CVE-2011-3097: Out-of-bounds write in sampled functions with PDF. Credit to Kostya Serebryany of Google and Evgeniy Stepanov of Google.
  • [Windows only] [124216] Low CVE-2011-3098: Bad search path for Windows Media Player plug-in. Credit to Haifei Li of Microsoft and MSVR (MSVR:159).
  • [124479] High CVE-2011-3099: Use-after-free in PDF with corrupt font encoding name. Credit to Mateusz Jurczyk of Google Security Team and Gynvael Coldwind of Google Security Team.
  • [124652] Medium CVE-2011-3100: Out-of-bounds read drawing dash paths. Credit to Google Chrome Security Team (Inferno).
  • [Linux only] [$500] [118970] Medium CVE-2011-3101: Work around Linux Nvidia driver bug. Credit to Aki Helin of OUSPG.
  • [$1500] [125462] High CVE-2011-3102: Off-by-one out-of-bounds write in libxml. Credit to Jüri Aedla.

For Chrome 19, Google paid security researchers a grand total $7,500 in rewards as part of its bug bounty program. The last $2,000 went to two rewards for vulnerabilities that applied to Chrome as well as other applications. An additional $9,000 went to Aki Helin of OUSPG, S?awomir B?a?ek, Chamal de Silva, miaubiz, Arthur Gerkis, and Christian Holler for helping Google during its development cycle and preventing security regressions from reaching the Chrome stable build.

The total $14,500 payout is really just a drop in the bucket for Google given that the search giant recently quintupled its maximum bug bounty to $20,000. The company has so far received over 780 qualifying vulnerability reports that span across the hundreds of Google-developed services, as well as the software written by 50 or so firms it has acquired. In just over a year, the program has paid out around $460,000 to roughly 200 individuals.

Update on May 16 - Chrome 19: The Best Web browser just keeps getting better

See also:

Topics: Operating Systems, Apps, Browser, Google, Linux, Open Source, Software

Emil Protalinski

About Emil Protalinski

Emil is a freelance journalist writing for CNET and ZDNet. Over the years,
he has covered the tech industry for multiple publications, including Ars
Technica, Neowin, and TechSpot.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

13 comments
Log in or register to join the discussion
  • Chrome 19

    I really like the look of the new settings page. I feel it has a Windows 8 metro look. Nice improvement.
    magna713
  • V8 and JIT optimizations bring a net 25% speed increase.

    Just thought that was worth mentioning here! :P
    DTS - Your Linux Advocate
  • Can't get it; error 12

    Meh, in the trash you go
    votshtoy
  • At this release rate, Google Chrome 2013 will be out by 2013

    Seriously, how are all these incremental updates resulting in a major version number?
    Your Non Advocate
    • Simple..

      Chrome doesn't have "major version numbers". Google doesn't refer version 19 of Chrome as: Chrome 19. To them it's just "Chrome", and that's how it has always been.
      Ajedi32
  • Google Chrome 19 is out

    Now with new and improved spyware!
    Loverock Davidson-
    • Yet Microsoft Security Essentials did not tag as spyware!

      Another Loverock Davidson urban myth, debunked by Microsoft.
      daikon
      • You are telling us Google didn't say they would take your information?

        Read the subject line and weep.
        Loverock Davidson-
  • Chrome 19 is fast but it still crashes

    Safari is rock steady on my OS X system. Chrome 19 is faster but less stable. I couldn't post this comment to ZDNet using Chrome 19.
    kenosha77a
    • To be fair,

      That has more to do with the bugginess of ZDNet's comment system. Admittedly, it's gotten quite a bit better recently, but I still run across quite a few frustrating events, no matter the browser.
      Aerowind
  • Kudos

    All said and done, and with all the complaints of spyware and more, Google has done an excellent job with Chrome and Chromium. Never thought I'd see the day that Chrome would be my most used browser over Opera, which I still love for its speed, but Chrome just works with all the websites I've ever tried, and IT actually supports chrome for Mac, Linux and Windows at my company today.
    kraterz
    • I agree

      I completely agree. Nowadays, I find myself using primarily Chrome (it works really well with Chrome for Android on my Tab) and in rare cases IE9 - though I am looking forward to IE10 in due course. But at the moment, Chrome is excellent - it is fast and on my machines at least, Chrome is steady
      crystalsoldier
  • Why is Firefox never reported on? ZDNet is so biased at times.

    I too find Chrome unstable on two Win7 laptops (Intel Core 2 Duo and Intel i3, both with 3Gb memory), on one it forever crashes and has to reload for no apparent reason (usually when I open a new tab) and the other the memory it consumes gets so high it causes Chrome to grind to a halt.

    I've not tried Firefox on the Intel i3 (it's not my laptop) but Firefox is rock solid on the Intel Core 2 Duo. It has much more features too.

    Chrome is fine with only 3-4 tabs open (my Mother never opens more than 2 tabs) but start opening a lot and it becomes very unstable.
    bradavon