ie8 fix
madison

Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev
Home / News & Blogs / Zero Day

Google spends $17,000 on Chrome browser vulnerabilities

By | August 3, 2011, 12:02pm PDT

Summary: The Chrome 13.0.782.107 update, released via the browser’s silent automatic update mechanism, fixes a total of 30 vulnerablities, some serious enough to allow drive-by download attacks.

Google has release another Chrome browser point update to fix multiple critical security vulnerabilities that affect Windows, Mac, Linux, and Chrome Frame users.

The Chrome 13.0.782.107 update, released via the browser’s silent automatic update mechanism, fixes a total of 30 vulnerablities, some serious enough to allow drive-by download attacks.

The company said it paid about $17,000 in bounties to hackers who found and reported the vulnerabilities.

Some of the “high-risk” issues fixed:

  • [$1000 each] [78841] High CVE-2011-2359: Stale pointer due to bad line box tracking in rendering. Credit to miaubiz and Martin Barbella.
  • [$1000] [86502] High CVE-2011-2790: Use-after-free with floating styles. Credit to miaubiz.
  • [$1000] [86900] High CVE-2011-2791: Out-of-bounds write in ICU. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences.follow Ryan Naraine on twitter
  • [$1000] [87148] High CVE-2011-2792: Use-after-free with float removal. Credit to miaubiz.
  • [$1000] [87227] High CVE-2011-2793: Use-after-free in media selectors. Credit to miaubiz.
  • [87548] High CVE-2011-2796: Use-after-free in Skia. Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany of the Chromium development community.
  • [$1000] [87729] High CVE-2011-2797: Use-after-free in resource caching. Credit to miaubiz.
  • [87815] Low CVE-2011-2798: Prevent a couple of internal schemes from being web accessible. Credit to sirdarckcat of the Google Security Team.
  • [$1000] [87925] High CVE-2011-2799: Use-after-free in HTML range handling. Credit to miaubiz.
  • [$1000] [88591] High CVE-2011-2802: v8 crash with const lookups. Credit to Christian Holler.
  • [$1000] [88846] High CVE-2011-2801: Use-after-free in frame loader. Credit to miaubiz.
  • [$1000] [88889] High CVE-2011-2818: Use-after-free in display box rendering. Credit to Martin Barbella.
  • [$500] [89142] High CVE-2011-2804: PDF crash with nested functions. Credit to Aki Helin of OUSPG.
  • [$1500] [89520] High CVE-2011-2805: Cross-origin script injection. Credit to Sergey Glazunov.
  • [$1500] [90222] High CVE-2011-2819: Cross-origin violation in base URI handling. Credit to Sergey Glazunov.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Google Inc., Vulnerability, Web Browser, Ryan Naraine, Browser Vulnerability, Web Browsers, Patches, Security, Internet

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?
Ask a Question Start a Discussion
6
Comments
Add Your Opinion

Join the conversation!

Just In

RE: Google spends $17,000 on Chrome browser vulnerabilities
sirnem 20th Sep
m2 pvp serverlar tan??t??m?? pvp serverler mt2 private servers metin2 pvp serverler metin2 games metin2 pvp serverlar
mt2 pvp servers pvp metin2 online games mt2 pvp m2 games servers metin2
private servers mt2 private server m2 private online game metin 2
g??zel s??zler roms guzel sozler
face 100 ifadeleri yemek tarifleri yemek tarifleri face guncel news face t He Facebook land facebook
games hiller metin2 hile games dowland metin2 indir

chat
mynet
sex
sex hikayeleri
View in thread
0 Votes
+ -
RE: Google spends $17,000 on Chrome browser vulnerabilities
Alexander2011 3rd Aug
When i view over 40 picture chrome can't open pictures .avant doesn't happen.This is a bug of chrome.
0 Votes
+ -
RE: Google spends $17,000 on Chrome browser vulnerabilities
Greg2bme 5th Aug
Since updating Google Chrome to version 13.0.782.107, it's been mostly sluggish and most times non responsive when trying to load pages. Something got broke.
0 Votes
+ -
RE: Google spends $17,000 on Chrome browser vulnerabilities
Cattleya.vns 13th Aug
Yes, Chrome 13 crash every time.
0 Votes
+ -
RE: Google spends $17,000 on Chrome browser vulnerabilities
whitenexus 13th Aug
@Cattleya.vns

I run the Alpha build (15.0.849.0) of Chrome and this thing rocks! It just keeps getting better and better with each version.
0 Votes
+ -
RE: Google spends $17,000 on Chrome browser vulnerabilities
Greg2bme 14th Aug
@whitenexus

How can the beta version of Google Chrome run better than the stable version of Google Chrome? That's backwards. Google needs to work harder on browser stability. Because Chrome starts off good, but then performance deteriorates after a while. And I hate when the built in flash gets nonresponsive and Google Chrome keeps asking me if I would like to stop it.
0 Votes
+ -
RE: Google spends $17,000 on Chrome browser vulnerabilities
sirnem 20th Sep
m2 pvp serverlar tan??t??m?? pvp serverler mt2 private servers metin2 pvp serverler metin2 games metin2 pvp serverlar
mt2 pvp servers pvp metin2 online games mt2 pvp m2 games servers metin2
private servers mt2 private server m2 private online game metin 2
g??zel s??zler roms guzel sozler
face 100 ifadeleri yemek tarifleri yemek tarifleri face guncel news face t He Facebook land facebook
games hiller metin2 hile games dowland metin2 indir

chat
mynet
sex
sex hikayeleri

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix