Google Repairs High-Risk Flaw in Chrome

Google has fixed a couple of security vulnerabilities in its Chrome browser, including a high-risk use-after-free bug and a problem in the way that the Apple OS X driver for some Intel GPUs handles rendering.

The biggest fix in Chrome 23 is a patch for the use-after-free vulnerability in the Chrome SVG filters. That vulnerability brought home a $1,000 reward for Miaubiz, a frequent contributor to Google’s bug bounty program. The company also repaired a buffer underflow in libxml, a medium-risk vulnerability that earned a researcher named Atte Kettunen a $500 reward.

Google has recently been handing out rewards to researchers who report vulnerabilities in non-Chrome components, and this time around one of those went to a researcher named Justin Drake, who found the problem with rendering in the OS X driver for Intel GPUs.

Here’s the full list of bugs fixed in Chrome 23.0.1271.91:

  • [$1000] [152746] High CVE-2012-5131: Corrupt rendering in the Apple OSX driver for Intel GPUs. Credit to Justin Drake.

And back to your regular scheduled rewards:

  • [$1000] [156567] High CVE-2012-5133: Use-after-free in SVG filters. Credit to miaubiz.

  • [$500] [148638] Medium CVE-2012-5130: Out-of-bounds read in Skia. Credit to Atte Kettunen of OUSPG.
  • [155711] Low CVE-2012-5132: Browser crash with chunked encoding. Credit to Attila Szász.
  • [158249] High CVE-2012-5134: Buffer underflow in libxml. Credit to Google Chrome Security Team (Jüri Aedla).
  • [159165] Medium CVE-2012-5135: Use-after-free with printing. Credit to Fermin Serna of Google Security Team.
  • [159829] Medium CVE-2012-5136: Bad cast in input element handling. Credit to Google Chrome Security Team (Inferno).
