Google fixes five flaws in Chrome 18

Google Chrome version 18.0.1025.168 is out, fixing five security vulnerabilities in the browser. This is a security update release, meaning no new features have been added. You should still update.

Google has released a new version of Chrome 18 that fixes three high-severity flaws and two medium-severity flaws. You can update to the latest version using the software's built-in silent updater, or you can download the latest version of Chrome directly from

Here are the five security vulnerabilities fixed in Google Chrome 18.0.1025.168:

  • [106413] High CVE-2011-3078: Use after free in floats handling. Credit to Google Chrome Security Team (Marty Barbella) and independent later discovery by miaubiz.
  • [117110] High CVE-2012-1521: Use after free in xml parser. Credit to Google Chrome Security Team (SkyLined) and independent later discovery by  wushi of team509 reported through iDefense VCP (V-874rcfpq7z).
  • [117627] Medium CVE-2011-3079: IPC validation failure. Credit to PinkiePie.
  • [121726] Medium CVE-2011-3080: Race condition in sandbox IPC. Credit to Willem Pinckaers of Matasano.
  • [$1000] [121899] High CVE-2011-3081: Use after free in floats handling. Credit to miaubiz.

This round of patches in Google Chrome is one of the rare occasions when the company didn't have to write many cheques to reward researchers who reported vulnerabilities. Only the last bug, a use-after-free flaw, earned a reward of $1,000. Miaubiz has netted quite a number of bug bounties from Google in the last couple of years.

The $1,000 pay out is really just a drop in the bucket for Google given that the search giant recently quintupled its maximum bug bounty to $20,000. The company has so far received over 780 qualifying vulnerability reports that span across the hundreds of Google-developed services, as well as the software written by 50 or so firms it has acquired. In just over a year, the program has paid out around $460,000 to roughly 200 individuals.

See also:


You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All