ie8 fix
madison

Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev
Home / News & Blogs / Zero Day

Google shells out $10,000 to fix 10 high-risk Chrome browser flaws

By | October 5, 2011, 3:02am PDT

Summary: The new Google Chrome version 14.0.835.202 also contains Adobe Flash Player 11, a software update that includes several security and privacy goodies.

Google has shipped another Chrome browser update with fixes for several “high-risk” security vulnerabilities that expose Windows, Mac OS X and Linux users to malicious hacker attacks.

The new Google Chrome version 14.0.835.202 also contains Adobe Flash Player 11, a software update that includes several security and privacy goodies.

As part of its bug bounty program, Google spent about $10,000 to buy the rights to the vulnerability information from security researchers.

Details on the vulnerabilities:

  • [$1000] High CVE-2011-2876: Use-after-free in text line box handling. Credit to miaubiz.
  • [$1000] High CVE-2011-2877: Stale font in SVG text handling. Credit to miaubiz.
  • [$2000] High CVE-2011-2878: Inappropriate cross-origin access to the window prototype. Credit to Sergey Glazunov.
  • [96150] High CVE-2011-2879: Lifetime and threading issues in audio node handling. Credit to Google Chrome Security Team (Inferno).
  • [$4500] High CVE-2011-2880: Use-after-free in the v8 bindings. Credit to Sergey Glazunov.
  • [$1500] High CVE-2011-2881: Memory corruption with v8 hidden objects. Credit to Sergey Glazunov.
  • [98089] Critical CVE-2011-3873: Memory corruption in shader translator. Credit to Zhenyao Mo of the Chromium development community.
This latest Chrome patch is being delivered via the browser’s silent update mechanism.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Google Inc., Security Vulnerability, Ryan Naraine, Web Browsers, Security, Internet

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

3
Comments
Add Your Opinion

Join the conversation!

Just In

You need to focus. These are issues for Microsoft.
Joe.Smetona Updated - 28th Oct
@Gisabun .. Issues categorized as security problems for Microsoft, and not a threat to Linux or Apple are also (non-critical) adjustments made to the Linux and Apple versions. It's how software works. So, in effect, Linux and Apple versions get changes made for issues that don't affect their security.

If that were not true, my Linux would have gotten at least some infections in the last 9 years using Firefox and Chrome. Problems with Linux or Apple using Chrome or Firefox aren't a factor. Microsoft, on the other hand has many, many holes which are constantly exploited through software, and the issues are critical.

So, even though you don't realize it, (probably due to years of ZDNet propaganda), your complaints about "the number of bugs in Chrome browser" are really an indictment of Windows bugs. Application software, no matter how well written, can completely cover security issues in a poorly written OS that relies on closed source code ambiguity of the binary files for protection. Windows has been doing that from the beginning.

"...expose Windows, Mac OS X and Linux users to malicious hacker attacks."

This is a common tool used many times over the years at ZDNet to "spread the blame" when only MS is the culprit. Ask yourself what OS initiated these "Bugs". What OS had the problems? Just because blanket changes are made does not mean there was a security issue with the other operating systems.

This is a good example of ZDNet propaganda.

View in thread
0 Votes
+ -
Peanuts
Michael Kelly 5th Oct
$10,000 is a very small price to pay to insure security of one of the most used pieces of software in the world.
0 Votes
+ -
Errr....
Gisabun 6th Oct
Cheapskates. On the other hand with the number of bugs in Chrome browser, it will make some people rich!
0 Votes
+ -
You need to focus. These are issues for Microsoft.
Joe.Smetona Updated - 28th Oct
@Gisabun .. Issues categorized as security problems for Microsoft, and not a threat to Linux or Apple are also (non-critical) adjustments made to the Linux and Apple versions. It's how software works. So, in effect, Linux and Apple versions get changes made for issues that don't affect their security.

If that were not true, my Linux would have gotten at least some infections in the last 9 years using Firefox and Chrome. Problems with Linux or Apple using Chrome or Firefox aren't a factor. Microsoft, on the other hand has many, many holes which are constantly exploited through software, and the issues are critical.

So, even though you don't realize it, (probably due to years of ZDNet propaganda), your complaints about "the number of bugs in Chrome browser" are really an indictment of Windows bugs. Application software, no matter how well written, can completely cover security issues in a poorly written OS that relies on closed source code ambiguity of the binary files for protection. Windows has been doing that from the beginning.

"...expose Windows, Mac OS X and Linux users to malicious hacker attacks."

This is a common tool used many times over the years at ZDNet to "spread the blame" when only MS is the culprit. Ask yourself what OS initiated these "Bugs". What OS had the problems? Just because blanket changes are made does not mean there was a security issue with the other operating systems.

This is a good example of ZDNet propaganda.

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix