Google has fixed seven security vulnerabilities in its Chrome browser, including six high-priority flaws. The new release of Chrome is version 12.0.742.112 and also includes an updated version of Flash.
The latest version of Chrome is the third major update from the company since just the end of May, as Google has become very aggressive in fixing bugs in the browser as quickly as possible. In this release, the company paid out a total of $6,000 in rewards to researchers who reported bugs. A researcher named Miabuiz took home $4,500 of that total for reporting five separate vulnerabilities.
The new version of the browser comes less than two weeks after the company pushed out the previous update for Chrome. On June 16 Google fixed 15 security bugs in Chrome and also added a feature that enables users to delete Flash cookies in the same way that they can eliminate typical Web cookies.
The list of security bugs fixed in Chrome 12.0.742.112 is as follows:
- [$1000] [77493] Medium CVE-2011-2345: Out-of-bounds read in NPAPI string handling. Credit to Philippe Arteau.
- [$1000] [84355] High CVE-2011-2346: Use-after-free in SVG font handling. Credit to miaubiz.
- [$1000] [85003] High CVE-2011-2347: Memory corruption in CSS parsing. Credit to miaubiz.
- [$500] [85102] High CVE-2011-2350: Lifetime and re-entrancy issues in the HTML parser. Credit to miaubiz.
- [$500] [85177] High CVE-2011-2348: Bad bounds check in v8. Credit to Aki Helin of OUSPG.
- [$1000] [85211] High CVE-2011-2351: Use-after-free with SVG use element. Credit to miaubiz.
- [$1000] [85418] High CVE-2011-2349: Use-after-free in text selection. Credit to miaubiz.