Google spends $17,000 on Chrome browser vulnerabilities

Google spends $17,000 on Chrome browser vulnerabilities

Summary: The Chrome 13.0.782.107 update, released via the browser's silent automatic update mechanism, fixes a total of 30 vulnerablities, some serious enough to allow drive-by download attacks.

SHARE:
TOPICS: Security, Browser, Google
5

Google has release another Chrome browser point update to fix multiple critical security vulnerabilities that affect Windows, Mac, Linux, and Chrome Frame users.

The Chrome 13.0.782.107 update, released via the browser's silent automatic update mechanism, fixes a total of 30 vulnerablities, some serious enough to allow drive-by download attacks.

The company said it paid about $17,000 in bounties to hackers who found and reported the vulnerabilities.

Some of the "high-risk" issues fixed:

  • [$1000 each] [78841] High CVE-2011-2359: Stale pointer due to bad line box tracking in rendering. Credit to miaubiz and Martin Barbella.
  • [$1000] [86502] High CVE-2011-2790: Use-after-free with floating styles. Credit to miaubiz.
  • [$1000] [86900] High CVE-2011-2791: Out-of-bounds write in ICU. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences.follow Ryan Naraine on twitter
  • [$1000] [87148] High CVE-2011-2792: Use-after-free with float removal. Credit to miaubiz.
  • [$1000] [87227] High CVE-2011-2793: Use-after-free in media selectors. Credit to miaubiz.
  • [87548] High CVE-2011-2796: Use-after-free in Skia. Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany of the Chromium development community.
  • [$1000] [87729] High CVE-2011-2797: Use-after-free in resource caching. Credit to miaubiz.
  • [87815] Low CVE-2011-2798: Prevent a couple of internal schemes from being web accessible. Credit to sirdarckcat of the Google Security Team.
  • [$1000] [87925] High CVE-2011-2799: Use-after-free in HTML range handling. Credit to miaubiz.
  • [$1000] [88591] High CVE-2011-2802: v8 crash with const lookups. Credit to Christian Holler.
  • [$1000] [88846] High CVE-2011-2801: Use-after-free in frame loader. Credit to miaubiz.
  • [$1000] [88889] High CVE-2011-2818: Use-after-free in display box rendering. Credit to Martin Barbella.
  • [$500] [89142] High CVE-2011-2804: PDF crash with nested functions. Credit to Aki Helin of OUSPG.
  • [$1500] [89520] High CVE-2011-2805: Cross-origin script injection. Credit to Sergey Glazunov.
  • [$1500] [90222] High CVE-2011-2819: Cross-origin violation in base URI handling. Credit to Sergey Glazunov.

Topics: Security, Browser, Google

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

5 comments
Log in or register to join the discussion
  • RE: Google spends $17,000 on Chrome browser vulnerabilities

    When i view over 40 picture chrome can't open pictures .avant doesn't happen.This is a bug of chrome.
    Alexander2011
  • RE: Google spends $17,000 on Chrome browser vulnerabilities

    Since updating Google Chrome to version 13.0.782.107, it's been mostly sluggish and most times non responsive when trying to load pages. Something got broke.
    Greg2bme
  • RE: Google spends $17,000 on Chrome browser vulnerabilities

    Yes, Chrome 13 crash every time.
    Cattleya.vns
    • RE: Google spends $17,000 on Chrome browser vulnerabilities

      @Cattleya.vns

      I run the Alpha build (15.0.849.0) of Chrome and this thing rocks! It just keeps getting better and better with each version.
      whitenexus
  • RE: Google spends $17,000 on Chrome browser vulnerabilities

    @whitenexus

    How can the beta version of Google Chrome run better than the stable version of Google Chrome? That's backwards. Google needs to work harder on browser stability. Because Chrome starts off good, but then performance deteriorates after a while. And I hate when the built in flash gets nonresponsive and Google Chrome keeps asking me if I would like to stop it.
    Greg2bme