Google fixes five flaws in Chrome 18

Google fixes five flaws in Chrome 18

Summary: Google Chrome version 18.0.1025.168 is out, fixing five security vulnerabilities in the browser. This is a security update release, meaning no new features have been added. You should still update.


Google has released a new version of Chrome 18 that fixes three high-severity flaws and two medium-severity flaws. You can update to the latest version using the software's built-in silent updater, or you can download the latest version of Chrome directly from

Here are the five security vulnerabilities fixed in Google Chrome 18.0.1025.168:

  • [106413] High CVE-2011-3078: Use after free in floats handling. Credit to Google Chrome Security Team (Marty Barbella) and independent later discovery by miaubiz.
  • [117110] High CVE-2012-1521: Use after free in xml parser. Credit to Google Chrome Security Team (SkyLined) and independent later discovery by  wushi of team509 reported through iDefense VCP (V-874rcfpq7z).
  • [117627] Medium CVE-2011-3079: IPC validation failure. Credit to PinkiePie.
  • [121726] Medium CVE-2011-3080: Race condition in sandbox IPC. Credit to Willem Pinckaers of Matasano.
  • [$1000] [121899] High CVE-2011-3081: Use after free in floats handling. Credit to miaubiz.

This round of patches in Google Chrome is one of the rare occasions when the company didn't have to write many cheques to reward researchers who reported vulnerabilities. Only the last bug, a use-after-free flaw, earned a reward of $1,000. Miaubiz has netted quite a number of bug bounties from Google in the last couple of years.

The $1,000 pay out is really just a drop in the bucket for Google given that the search giant recently quintupled its maximum bug bounty to $20,000. The company has so far received over 780 qualifying vulnerability reports that span across the hundreds of Google-developed services, as well as the software written by 50 or so firms it has acquired. In just over a year, the program has paid out around $460,000 to roughly 200 individuals.

See also:

Topics: Browser, Apps, Google, Security

Emil Protalinski

About Emil Protalinski

Emil is a freelance journalist writing for CNET and ZDNet. Over the years,
he has covered the tech industry for multiple publications, including Ars
Technica, Neowin, and TechSpot.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Im shocked, shocked I tell you to hear of security holes in chrome.

    The chrome fanbois say it's secure but it's certainly not. There are likely hundreds, naythousands more. Niether security nor speed nor html/css compliance are valid reasons to switch to chrome.
    Johnny Vegas
    • No software is 100% invulnerable to malware

      What makes Chrome one of the most secure browsers is the fast turn around to patching known flaws and a decent sandboxing feature. I certainly trust Chrome security over Safari, Java, Flash, iTunes and even Firefox.
    • It is only "secure" if ....

      ... you ignore the fact that it was DESIGNED for spyware.
    • If it exists, it can be hacked.

      Especially if it's made by Apple. But then it's just kept quiet when it's hacked. And they don't help anyone for a couple of weeks. But I digress.

      Chrome isn't perfect, nothing is. Nothing can be. But, I'd take Chrome over IE without even thinking. I'd even take it over Firefox. (Sleeker.) No, Chrome isn't perfect. But it's better than most. (IE is probably as easy to hack as Sony. (:P) In comparison, hacking Chrome is probably like taking down one of the root DNS servers.)
    • I am shocked as well ;-)

      You said:
      Niether security nor speed nor html/css compliance are valid reasons to switch to chrome...

      Did you forget something?

      Like "/sarcasm"?
  • Chrome 18?

    My Chrome says it's version 19.0.1084.41
    btw, I run it on an Atom netbook (old Dell Mini)/WinXP Home.
    Runs circles around IE and Firefox.
    That's all I care about.
  • kgb

    KGB would have loved the internet
    preferred user
    • re: kgb

      They do. Their US based subsidiary is very helpful.