Just a few days after releasing a fairly large set of patches for its Chrome browser, Google has pushed out another update, fixing 13 vulnerabilities, more than half of them being high-severity bugs.
The newest version of Chrome also includes an updated version of Adobe Flash that has a fix for a serious zero-day vulnerability. Adobe patched that flaw on Wednesday, and Google included the updated version of Flash in the fixes it pushed out yesterday, as well. As part of its bug bounty program, Google paid out more than $6,800 in rewards to researchers who reported flaws to the company. Several of the other flaws that didn’t qualify for a reward were discovered by members of Google’s internal security team.
Here’s the lst of fixes in Chrome 17.0.963.56:
- [105803] High CVE-2011-3015: Integer overflows in PDF codecs. Credit to Google Chrome Security Team (scarybeasts).
- [$500] [106336] Medium CVE-2011-3016: Read-after-free with counter nodes. Credit to miaubiz.
- [$1000] [108695] High CVE-2011-3017: Possible use-after-free in database handling. Credit to miaubiz.
- [$1000] [110172] High CVE-2011-3018: Heap overflow in path rendering. Credit to Aki Helin of OUSPG.
- [110849] High CVE-2011-3019: Heap buffer overflow in MKV handling. Credit to Google Chrome Security Team (scarybeasts) and Mateusz Jurczyk of the Google Security Team.
- [111575] Medium CVE-2011-3020: Native client validator error. Credit to Nick Bray of the Chromium development community.
- [$1000] [111779] High CVE-2011-3021: Use-after-free in subframe loading. Credit to Arthur Gerkis.
- [112236] Medium CVE-2011-3022: Inappropriate use of http for translation script. Credit to Google Chrome Security Team (Jorge Obes).
- [$500] [112259] Medium CVE-2011-3023: Use-after-free with drag and drop. Credit to pa_kt.
- [112451] Low CVE-2011-3024: Browser crash with empty x509 certificate. Credit to chrometot.
- [$500] [112670] Medium CVE-2011-3025: Out-of-bounds read in h.264 parsing. Credit to Sławomir Błażek.
- [$1337] [112822] High CVE-2011-3026: Integer overflow / truncation in libpng. Credit to Jüri Aedla.
- [$1000] [112847] High CVE-2011-3027: Bad cast in column handling. Credit to