Google has fixed 12 vulnerabilities in Chrome, including seven high-severity flaws. The new release also bundles an updated version of the Adobe Flash Player plugin.
This is the second Chrome update from Google in the last few days. The company updates its browser on a rolling basis, pushing out a new release whenever enough security issues have accumulated or when a high-priority vulnerability warrants a quick fix. As part of its bug bounty program, Google paid out $6,000 in rewards to the researchers who reported vulnerabilities in this release. Among the researchers credited this time around are Sergey Glazunov and miaubiz, both of whom regularly receive payouts from Google for their research.
The security fixes included in the latest Chrome release are:
[$500] [106577] Medium CVE-2011-3066: Out-of-bounds read in Skia clipping. Credit to miaubiz.
[117583] Medium CVE-2011-3067: Cross-origin iframe replacement. Credit to Sergey Glazunov.
[$1000] [117698] High CVE-2011-3068: Use-after-free in run-in handling. Credit to miaubiz.
[$1000] [117728] High CVE-2011-3069: Use-after-free in line box handling. Credit to miaubiz.
[118185] High CVE-2011-3070: Use-after-free in v8 bindings. Credit to Google Chrome Security Team (SkyLined).
[118273] High CVE-2011-3071: Use-after-free in HTMLMediaElement. Credit to pa_kt, reporting through HP TippingPoint ZDI (ZDI-CAN-1528).
[118467] Low CVE-2011-3072: Cross-origin violation parenting pop-up window. Credit to Sergey Glazunov.
[$1000] [118593] High CVE-2011-3073: Use-after-free in SVG resource handling. Credit to Arthur Gerkis.
[$500] [119281] Medium CVE-2011-3074: Use-after-free in media handling. Credit to Sławomir Błażek.
[$1000] [119525] High CVE-2011-3075: Use-after-free applying style command. Credit to miaubiz.
[$1000] [120037] High CVE-2011-3076: Use-after-free in focus handling. Credit to miaubiz.
[120189] Medium CVE-2011-3077: Read-after-free in script bindings. Credit to Google Chrome Security Team (Inferno).
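The release-note lines above follow a fixed layout (optional bounty, Chromium bug ID, severity, CVE, summary, credit), which makes them easy to cross-check against the article's figures. The following script is an added example written for this page, not code from Google or the Chromium project; it parses that layout and tallies bounties, severities, and bug classes. The regular expression and the class labels are assumptions tuned to the twelve lines quoted here, and the embedded sample text is simply those lines reproduced so the script runs offline.

```python
import re
from collections import Counter

# Sample input: the twelve fix lines from the Chrome release note quoted above,
# embedded here so the script runs without network access.
RELEASE_NOTE = """\
[$500] [106577] Medium CVE-2011-3066: Out-of-bounds read in Skia clipping. Credit to miaubiz.
[117583] Medium CVE-2011-3067: Cross-origin iframe replacement. Credit to Sergey Glazunov.
[$1000] [117698] High CVE-2011-3068: Use-after-free in run-in handling. Credit to miaubiz.
[$1000] [117728] High CVE-2011-3069: Use-after-free in line box handling. Credit to miaubiz.
[118185] High CVE-2011-3070: Use-after-free in v8 bindings. Credit to Google Chrome Security Team (SkyLined).
[118273] High CVE-2011-3071: Use-after-free in HTMLMediaElement. Credit to pa_kt, reporting through HP TippingPoint ZDI (ZDI-CAN-1528).
[118467] Low CVE-2011-3072: Cross-origin violation parenting pop-up window. Credit to Sergey Glazunov.
[$1000] [118593] High CVE-2011-3073: Use-after-free in SVG resource handling. Credit to Arthur Gerkis.
[$500] [119281] Medium CVE-2011-3074: Use-after-free in media handling. Credit to Sławomir Błażek.
[$1000] [119525] High CVE-2011-3075: Use-after-free applying style command. Credit to miaubiz.
[$1000] [120037] High CVE-2011-3076: Use-after-free in focus handling. Credit to miaubiz.
[120189] Medium CVE-2011-3077: Read-after-free in script bindings. Credit to Google Chrome Security Team (Inferno).
"""

# Assumed layout of one fix line (matches the lines above; other release
# notes may vary, so unrecognised lines raise rather than being guessed at).
LINE_RE = re.compile(
    r"^(?:\[\$(?P<bounty>\d+)\]\s+)?"               # optional bounty, e.g. [$1000]
    r"\[(?P<bug>\d+)\]\s+"                          # Chromium bug ID
    r"(?P<severity>Critical|High|Medium|Low)\s+"    # severity rating
    r"(?P<cve>CVE-\d{4}-\d{4,})\s*:\s+"             # CVE identifier
    r"(?P<summary>.+?)\.\s+"                        # one-sentence summary
    r"Credit to (?P<credit>.+?)\.?$"                # reporter credit
)


def parse_fix_line(line):
    """Parse a single release-note fix line into a dict of its fields."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised fix line: {line!r}")
    fix = m.groupdict()
    fix["bounty"] = int(fix["bounty"]) if fix["bounty"] else 0
    fix["bug"] = int(fix["bug"])
    return fix


def parse_release_note(text):
    """Parse every non-empty line of a release note."""
    return [parse_fix_line(line) for line in text.splitlines() if line.strip()]


def classify(summary):
    """Coarse bug-class label derived from the summary wording (assumed labels)."""
    s = summary.lower()
    if "use-after-free" in s or "read-after-free" in s:
        return "memory-lifetime"
    if "out-of-bounds" in s:
        return "out-of-bounds"
    if "cross-origin" in s:
        return "cross-origin"
    return "other"


def summarize(fixes):
    """Totals a reviewer would want: counts by severity and class, bounty sum."""
    return {
        "count": len(fixes),
        "by_severity": dict(Counter(f["severity"] for f in fixes)),
        "by_class": dict(Counter(classify(f["summary"]) for f in fixes)),
        "bounty_total": sum(f["bounty"] for f in fixes),
        "paid_reporters": sorted({f["credit"] for f in fixes if f["bounty"]}),
    }


def matches_article(fixes, total_fixes=12, high_fixes=7, bounty_total=6000):
    """Check the parsed data against the figures the article states."""
    s = summarize(fixes)
    return (s["count"] == total_fixes
            and s["by_severity"].get("High", 0) == high_fixes
            and s["bounty_total"] == bounty_total)


if __name__ == "__main__":
    parsed = parse_release_note(RELEASE_NOTE)
    print(summarize(parsed))
    print("article figures consistent:", matches_article(parsed))
```

The summary is where the useful signal is: nine of the twelve fixes are memory-lifetime bugs (use-after-free or read-after-free) in the renderer and bindings, which is the class that typically yields remote code execution and is why most of them are rated High. Note also that the "paid" set is narrower than the "credited" set, since entries without a bracketed amount (including both of Sergey Glazunov's) carry no bounty.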