Google has released Chrome 22, a major new version of its browser that includes a huge number of security fixes, many of them high-priority vulnerabilities. The company also handed out nearly $30,000 in rewards to security researchers, more than half of it to Sergey Glazunov, who discovered two especially severe bugs that the Chrome security team deemed worthy of special rewards.
Chrome 22 includes patches for 42 individual vulnerabilities, 15 of which are listed as high-severity flaws. There is also one critical vulnerability, which earned Glazunov an extraordinary $10,000 reward from Google. That vulnerability is a universal cross-site scripting (UXSS) bug in frame handling. Glazunov also discovered a UXSS bug in Chrome's V8 engine that earned him $5,000.
Typically, Google's top reward for security researchers is $3133.70, but the company's security team recently announced that it would be giving out some higher rewards in special cases, such as when researchers find a bug that's outside of Chrome or when the vulnerability is particularly severe. For Glazunov, a regular beneficiary of Google's bug-bounty largesse, this has already turned out to be a boon. Google also handed out a second $5,000 reward, this one to Eetu Luodemaa and Joni Vahamaki for a memory-corruption bug in the Windows kernel.
The full list of fixes in Chrome 22:
- [$5000] [146254] Critical CVE-2012-2897: Windows kernel memory corruption. Credit to Eetu Luodemaa and Joni Vähämäki, both from Documill.
And back to your regularly scheduled rewards, including some at the new higher levels:
- [$10000] [143439] High CVE-2012-2889: UXSS in frame handling. Credit to Sergey Glazunov.
- [$5000] [143437] High CVE-2012-2886: UXSS in v8 bindings. Credit to Sergey Glazunov.
- [$2000] [139814] High CVE-2012-2881: DOM tree corruption with plug-ins. Credit to Chamal de Silva.
- [$1000] [135432] High CVE-2012-2876: Buffer overflow in SSE2 optimizations. Credit to Atte Kettunen of OUSPG.
- [$1000] [140803] High CVE-2012-2883: Out-of-bounds write in Skia. Credit to Atte Kettunen of OUSPG.
- [$1000] [143609] High CVE-2012-2887: Use-after-free in onclick handling. Credit to Atte Kettunen of OUSPG.
- [$1000] [143656] High CVE-2012-2888: Use-after-free in SVG text references. Credit to miaubiz.
- [$1000] [144899] High CVE-2012-2894: Crash in graphics context handling. Credit to Sławomir Błażek.
- [Mac only] [$1000] [145544] High CVE-2012-2896: Integer overflow in WebGL. Credit to miaubiz.
- [$500] [137707] Medium CVE-2012-2877: Browser crash with extensions and modal dialogs. Credit to Nir Moshe.
- [$500] [139168] Low CVE-2012-2879: DOM topology corruption. Credit to pawlkt.
- [$500] [141651] Medium CVE-2012-2884: Out-of-bounds read in Skia. Credit to Atte Kettunen of OUSPG.
- [132398] High CVE-2012-2874: Out-of-bounds write in Skia. Credit to Google Chrome Security Team (Inferno).
- [134955] [135488] [137106] [137288] [137302] [137547] [137556] [137606] [137635] [137880] [137928] [144579] [145079] [145121] [145163] [146462] Medium CVE-2012-2875: Various lower severity issues in the PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team.
- [137852] High CVE-2012-2878: Use-after-free in plug-in handling. Credit to Fermin Serna of Google Security Team.
- [139462] Medium CVE-2012-2880: Race condition in plug-in paint buffer. Credit to Google Chrome Security Team (Cris Neckar).
- [140647] High CVE-2012-2882: Wild pointer in OGG container handling. Credit to Google Chrome Security Team (Inferno).
- [142310] Medium CVE-2012-2885: Possible double free on exit. Credit to the Chromium development community.
- [143798] [144072] [147402] High CVE-2012-2890: Use-after-free in PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team.
- [144051] Low CVE-2012-2891: Address leak over IPC. Credit to Lei Zhang of the Chromium development community.
- [144704] Low CVE-2012-2892: Pop-up block bypass. Credit to Google Chrome Security Team (Cris Neckar).
- [144799] High CVE-2012-2893: Double free in XSL transforms. Credit to Google Chrome Security Team (Cris Neckar).
- [145029] [145157] [146460] High CVE-2012-2895: Out-of-bounds writes in PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team.