February 16, 2012, 2:47PM
Google Fixes 13 Flaws in Chrome
Comment 
Just a few days after releasing a fairly large set of patches for its Chrome browser, Google has pushed out another update, fixing 13 vulnerabilities, more than half of them being high-severity bugs.
The newest version of Chrome also includes an updated version of Adobe Flash that has a fix for a serious zero-day vulnerability. Adobe patched that flaw on Wednesday, and Google included the updated version of Flash in the fixes it pushed out yesterday, as well. As part of its bug bounty program, Google paid out more than $6,800 in rewards to researchers who reported flaws to the company. Several of the other flaws that didn't qualify for a reward were discovered by members of Google's internal security team.
Here's the lst of fixes in Chrome 17.0.963.56:
- [105803] High CVE-2011-3015: Integer overflows in PDF codecs. Credit to Google Chrome Security Team (scarybeasts).
- [$500] [106336] Medium CVE-2011-3016: Read-after-free with counter nodes. Credit to miaubiz.
- [$1000] [108695] High CVE-2011-3017: Possible use-after-free in database handling. Credit to miaubiz.
- [$1000] [110172] High CVE-2011-3018: Heap overflow in path rendering. Credit to Aki Helin of OUSPG.
- [110849] High CVE-2011-3019: Heap buffer overflow in MKV handling. Credit to Google Chrome Security Team (scarybeasts) and Mateusz Jurczyk of the Google Security Team.
- [111575] Medium CVE-2011-3020: Native client validator error. Credit to Nick Bray of the Chromium development community.
- [$1000] [111779] High CVE-2011-3021: Use-after-free in subframe loading. Credit to Arthur Gerkis.
- [112236] Medium CVE-2011-3022: Inappropriate use of http for translation script. Credit to Google Chrome Security Team (Jorge Obes).
- [$500] [112259] Medium CVE-2011-3023: Use-after-free with drag and drop. Credit to pa_kt.
- [112451] Low CVE-2011-3024: Browser crash with empty x509 certificate. Credit to chrometot.
- [$500] [112670] Medium CVE-2011-3025: Out-of-bounds read in h.264 parsing. Credit to Sławomir Błażek.
- [$1337] [112822] High CVE-2011-3026: Integer overflow / truncation in libpng. Credit to Jüri Aedla.
- [$1000] [112847] High CVE-2011-3027: Bad cast in column handling. Credit to
Recommended Reads
Commenting on this Article is closed.
Today's Most Popular
- Defense Contractor Northrop Grumman Hiring For Offensive Cyber Ops
- Iranian Students Claim to have Stolen Thousands of Researcher's Records
- Report: Diablo III Users Find Accounts Hacked, Gold Stolen And New 'Mystery' Friends
- Why Google Won't Protect You From Big Brother
- Forget 'Brogrammers,' Women Have The Edge In DEFCON Social Engineering Contest
Most Commented Stories
-
Forget 'Brogrammers,' Women Have The Edge In DEFCON Social Engineering Contest (9)
-
Defense Contractor Northrop Grumman Hiring For Offensive Cyber Ops (9)
-
HULK DDoS Tool Smash Web Server, Server Fall Down (3)
-
Author of LilyJade Facebook Plugin Ignores Facebook Cease-and-Desist (3)
-
Report: Diablo III Users Find Accounts Hacked, Gold Stolen And New 'Mystery' Friends (2)
Newsletter Sign-up
Take Our Poll
The Internet Crime Complaint Center recently warned of malware targeting travelers connecting to Wi-Fi. When traveling, do you
Connect to anything
20%
Only connect to password-protected, secure connections
38%
Only use websites with HTTPS
28%
I don’t pay attention to how I access the internet while traveling
14%
Total votes: 65
Follow Threatpost
 |  |  |  |
| Tumblr |
