Google Fixes Seven Flaws in New Chrome 14 Release

Google has fixed seven security vulnerabilities in its Chrome browser with a new release on Tuesday. Six of the bugs fixed in Chrome are rated high, with just one listed as critical. The company paid out $10,000 in bounties for the bugs it fixed in this release.

Chrome patchGoogle has fixed seven security vulnerabilities in its Chrome browser with a new release on Tuesday. Six of the bugs fixed in Chrome are rated high, with just one listed as critical. The company paid out $10,000 in bounties for the bugs it fixed in this release.

In addition to the security fixes, Google also included an updated version of the Flash player in Chrome, eliminating some security issues with the older version. The new version of Chrome is available for Windows, Mac OS X, Linux and Chrome Frame. Google also is working on a fix for the issue caused by Microsoft’s Security Essentials anti-malware program mistakenly identifying the browser file as a piece of malware, but it’s not clear whether that fix is included in the release of Chrome 14.0.835.202.

The one critical vulnerability fixed in the browser is a memory corruption bug in the shader translator in Chrome.

The list of security fixes includes:

  • [$1000] [93788] High CVE-2011-2876: Use-after-free in text line box handling. Credit to miaubiz.
  • [$1000] [95072] High CVE-2011-2877: Stale font in SVG text handling. Credit to miaubiz.
  • [$2000] [95671] High CVE-2011-2878: Inappropriate cross-origin access to the window prototype. Credit to Sergey Glazunov.
  • [96150] High CVE-2011-2879: Lifetime and threading issues in audio node handling. Credit to Google Chrome Security Team (Inferno).
  • [$4500] [97451] [97520] [97615] High CVE-2011-2880: Use-after-free in the v8 bindings. Credit to Sergey Glazunov.
  • [$1500] [97784] High CVE-2011-2881: Memory corruption with v8 hidden objects. Credit to Sergey Glazunov.
  • [98089] Critical CVE-2011-3873: Memory corruption in shader translator. Credit to Zhenyao Mo of the Chromium development community.

Suggested articles

Discussion

  • Anonymous on

    MS destroys Chrome - Not only did MS Essentials tell users that Chrome was malware, but my McAffee security software also told me it was malware. The Chrome support page gave instructions for how to overcome the MS Essentials issue, but that did not help me since I don't have MS Essentials. I uninstalled Chrome, then re-installed it. The Chrome icon sat on my desktop with a MS Security Shield sitting on top of it and would not allow me to launch the browswer! I tried to notify Chrome support of the issue, but did not see where to input this info. They are losing a lot of users if they don't fix this fast!

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.