Google Fixes Three High-Priority Bugs in Chrome

Author: Dennis Fisher
minute read

Google has released a new version of its Chrome browser, fixing just a small handful of vulnerabilities in the process. All three of the bugs fixed in Chrome were rated high.

Google has released a new version of its Chrome browser, fixing just a small handful of vulnerabilities in the process. All three of the bugs fixed in Chrome were rated high.

The release by Google is a pretty small one by the company’s standards. Often, new versions of Chrome will include fixes for 12 or 15 or more vulnerabilities, many of them rated critical. However, version 16.0.912.75 includes just three patches. As part of its reward program, Google paid out just $2,000 in bug bounties to two researchers who reported bugs fixed in this release. The third vulnerability was found by someone on the Google Chrome Security Team.

Interestingly, one of the vulnerabilities was discovered and reported by someone from Mozilla.

The fixes in Chrome include:

  • [$1000] [106672] High CVE-2011-3921: Use-after-free in animation frames. Credit to Boris Zbarsky of Mozilla.
  • [$1000] [107128] High CVE-2011-3919: Heap-buffer-overflow in libxml. Credit to Jüri Aedla.
  • [108006] High CVE-2011-3922: Stack-buffer-overflow in glyph handling. Credit to Google Chrome Security Team (Cris Neckar).

Google also has released a beta version of Chrome 17, the next major version of the browser. The company doesn’t do big, rolled-up releases the way that Mozilla and Microsoft do, but Chrome 17 will include some new security features and other improvements. The main security upgrade is a change to the way that the Safe Browsing system in Chrome works. The current version of Safe Browsing is designed to protect users against drive-by downloads and malicious links on sites. The new one in Chrome 17 also will run a check on executables and other files downloaded from the Web.

“To help protect you against malicious downloads, Chrome now includes expanded functionality to analyze executable files (such as ‘.exe’ and ‘.msi’ files) that you download. If a file you download is known to be bad, or is hosted on a website that hosts a relatively high percentage of malicious downloads, Chrome will warn you that the file appears to be malicious and that you should discard it. We’re starting small with this initial Beta release, but we’ll be ramping up coverage for more and more malicious files in the coming months,” Dominic Hamon of Google wrote in a blog post.

Suggested articles

Cybersecurity for your growing business
Cybersecurity for your growing business

Topics

Show all

Authors

Threatpost

InfoSec Insider

Infosec Insider Post

Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Content

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.