Business
Google patches another wave of Chrome browser holes
Google pays $8,500 in bounties for information on serious security vulnerabilities in the Chrome browser.
The company released Chrome 13.0.782.215 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities, some serious enough to expose users to code execution attacks.
The most serious flaw, discovered by British researcher Michael Braithwaite, was described simply as "memory corruption in vertex handing." It only affects Windows users.
Here's the full list of the vulnerabilities patched with the latest Chrome browser release.
- [$1000] [Windows only] [72492] Medium CVE-2011-2822: URL parsing confusion on the command line. Credit to Vladimir Vorontsov, ONsec company.
- [82552] High CVE-2011-2823: Use-after-free in line box handling. Credit to Google Chrome Security Team (SkyLined) and independent later discovery by miaubiz.
- [$1000] [88216] High CVE-2011-2824: Use-after-free with counter nodes. Credit to miaubiz.
- [88670] High CVE-2011-2825: Use-after-free with custom fonts. Credit to wushi of team509 reported through ZDI (ZDI-CAN-1283), plus indepdendent later discovery by miaubiz.
- [$1000] [89402] High CVE-2011-2821: Double free in libxml XPath handling. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences.
- [$1000] [87453] High CVE-2011-2826: Cross-origin violation with empty origins. Credit to Sergey Glazunov.
- [$1337] [Windows only] [89836] Critical CVE-2011-2806: Memory corruption in vertex handing. Credit to Michael Braithwaite of Turbulenz Limited.
- [$1000] [90668] High CVE-2011-2827: Use-after-free in text searching. Credit to miaubiz.
- [91517] High CVE-2011-2828: Out-of-bounds write in v8. Credit to Google Chrome Security Team (SkyLined).
- [$1500] [32-bit only] [91598] High CVE-2011-2829: Integer overflow in uniform arrays. Credit to Sergey Glazunov.
- [$1000] [Linux only] [91665] High CVE-2011-2839: Buggy memset() in PDF. Credit to Aki Helin of OUSPG.