Google Fixes 15 Bugs in Chrome, Gives Users Ability to Delete Flash Cookies

Google has fixed more than a dozen security bugs in its Chrome browser, including five high-severity vulnerabilities and one that qualified for the company’s highest bug bounty, a $3133.7 reward.


The new version of Chrome has fixes for 15 separate security vulnerabilities, the most critical of which is a same origin bypass in v8, the JavaScript engine in Chrome. That bug, along with several others fixed in this release, was discovered and reported by researcher Sergey Glazunov. The v8 vulnerability earned him a payout of $3133.7 under Google’s reward program, and Glazunov also reported two other bugs, each of which qualified for $1,000 rewards.

The new version of Chrome also gives users the ability to delete Flash cookies in the same manner in which they are able to delete other Web cookies. It also has new functionality that helps prevent the download of malicious files through the Safe Browsing feature.

Google’s Chrome team said that the bug in the v8 engine that Glazunov reported was particularly interesting.

“We’d also like to call particular attention to Sergey Glazunov’s $3133.7 reward. Although the linked bug is not of critical severity, it was accompanied by a beautiful chain of lesser severity bugs which demonstrated critical impact. It deserves a more detailed write-up at a later date,” Google’s Jason Kersey said in a blog post.

The full list of vulnerabilities fixed in Chrome 12.0.742.91 includes:

  • [$2000] [73962] [79746] High CVE-2011-1808: Use-after-free due to integer issues in float handling. Credit to miaubiz.
  • [75496] Medium CVE-2011-1809: Use-after-free in accessibility support. Credit to Google Chrome Security Team (SkyLined).
  • [75643] Low CVE-2011-1810: Visit history information leak in CSS. Credit to Jesse Mohrland of Microsoft and Microsoft Vulnerability Research (MSVR).
  • [76034] Low CVE-2011-1811: Browser crash with lots of form submissions. Credit to “DimitrisV22”.
  • [$1337] [77026] Medium CVE-2011-1812: Extensions permission bypass. Credit to kuzzcc.
  • [78516] High CVE-2011-1813: Stale pointer in extension framework. Credit to Google Chrome Security Team (Inferno).
  • [79362] Medium CVE-2011-1814: Read from uninitialized pointer. Credit to Eric Roman of the Chromium development community.
  • [79862] Low CVE-2011-1815: Extension script injection into new tab page. Credit to kuzzcc.
  • [80358] Medium CVE-2011-1816: Use-after-free in developer tools. Credit to kuzzcc.
  • [$500] [81916] Medium CVE-2011-1817: Browser memory corruption in history deletion. Credit to Collin Payne.
  • [$1000] [81949] High CVE-2011-1818: Use-after-free in image loader. Credit to miaubiz.
  • [$1000] [83010] Medium CVE-2011-1819: Extension injection into chrome:// pages. Credit to Vladislavas Jarmalis, plus subsequent independent discovery by Sergey Glazunov.
  • [$3133.7] [83275] High CVE-2011-2332: Same origin bypass in v8. Credit to Sergey Glazunov.
  • [$1000] [83743] High CVE-2011-2342: Same origin bypass in DOM. Credit to Sergey Glazunov.
