Google has fixed several serious vulnerabilities in its Chrome browser, including a critical use-after-free flaw in Safe Browsing navigation. The company paid its top-tier bug bounty of $3133.70 for that bug.
Among the other vulnerabilities Google fixed were four high-severity ones, including two more use-after-free vulnerabilities. Three of those four earned $1,000 rewards for the researchers who reported them; the fourth was reported through TippingPoint’s Zero Day Initiative.
The full list of vulnerabilities fixed in Chrome 16.0.912.77 includes:
- [$1000] [106484] High CVE-2011-3924: Use-after-free in DOM selections. Credit to Arthur Gerkis.
- [$3133.7] [107182] Critical CVE-2011-3925: Use-after-free in Safe Browsing navigation. Credit to Chamal de Silva. *
- [108461] High CVE-2011-3928: Use-after-free in DOM handling. Credit to wushi of team509 reported through ZDI (ZDI-CAN-1415).
- [$1000] [108605] High CVE-2011-3927: Uninitialized value in Skia. Credit to miaubiz.
- [$1000] [109556] High CVE-2011-3926: Heap-buffer-overflow in tree builder. Credit to Arthur Gerkis.
The use-after-free flaw in Safe Browsing navigation (marked with an asterisk above) had actually been fixed in a previous version of Chrome, but Google officials omitted it from the release notes at that time.