Google Patches 13 Flaws in Chrome 19

Author: Dennis Fisher
minute read

Just a few days after releasing Chrome 19, Google has updated the browser again, fixing 13 vulnerabilities, including two critical bugs. 

Just a few days after releasing Chrome 19, Google has updated the browser again, fixing 13 vulnerabilities, including two critical bugs. 

The two critical vulnerabilities that Google fixed in Chrome 19 are a use-after-free flaw in the browser cache and a memory corruption problem in the browser’s use of websockets over SSL. There also are nine high-severity vulnerabilities fixed in the latest version of the browser. The company paid out nearly $5,000 in rewards to researchers who reported vulnerabilities to Google as part of its bug bounty program.

The full list of bugs fixed in Chrome 19:

  • [117409] High CVE-2011-3103: Crashes in v8 garbage collection. Credit to the Chromium development community (Brett Wilson).
  • [118018] Medium CVE-2011-3104: Out-of-bounds read in Skia. Credit to Google Chrome Security Team (Inferno).
  • [$1000] [120912] High CVE-2011-3105: Use-after-free in first-letter handling. Credit to miaubiz.
  • [122654] Critical CVE-2011-3106: Browser memory corruption with websockets over SSL. Credit to the Chromium development community (Dharani Govindan).
  • [124625] High CVE-2011-3107: Crashes in the plug-in JavaScript bindings. Credit to the Chromium development community (Dharani Govindan).
  • [$1337] [125159] Critical CVE-2011-3108: Use-after-free in browser cache. Credit to “efbiaiinzinz”.
  • [Linux only] [$1000] [126296] High CVE-2011-3109: Bad cast in GTK UI. Credit to Micha Bartholomé.
  • [126337] [126343] [126378] [127349] [127819] [127868] High CVE-2011-3110: Out of bounds writes in PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team.
  • [$500] [126414] Medium CVE-2011-3111: Invalid read in v8. Credit to Christian Holler.
  • [127331] High CVE-2011-3112: Use-after-free with invalid encrypted PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team.
  • [127883] High CVE-2011-3113: Invalid cast with colorspace handling in PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team.
  • [128014] High CVE-2011-3114: Buffer overflows with PDF functions. Credit to Google Chrome Security Team (scarybeasts).
  • [$1000] [128018] High CVE-2011-3115: Type corruption in v8. Credit to Christian Holler.

Suggested articles

Cybersecurity for your growing business
Cybersecurity for your growing business

Topics

Show all

Authors

Threatpost

InfoSec Insider

Infosec Insider Post

Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Content

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.