Google Repairs High-Risk Flaw in Chrome

Google has fixed a couple of security vulnerabilities in its Chrome browser, including a high-risk use-after-free bug and a problem in the way that the Apple OS X driver for some Intel GPUs handles rendering.

Google has fixed a couple of security vulnerabilities in its Chrome browser, including a high-risk use-after-free bug and a problem in the way that the Apple OS X driver for some Intel GPUs handles rendering.

The biggest fix in Chrome 23 is a patch for the use-after-free vulnerability in the Chrome SVG filters. That vulnerability brought home a $1,000 reward for Miaubiz, a frequent contributor to Google’s bug bounty program. The company also repaired a buffer underflow in libxml, a medium-risk vulnerability that earned a researcher named Atte Kettunen a $500 reward.Chrome patch

Google recently has been handing out some rewards for researchers who report vulnerabilities in non-Chrome components, and this time around one of those went to a researcher named Justin Drake, who found the problem with rendering in the OS X driver for Intel GPUs. 

Here’s the full list of bugs fixed in Chrome 23.0.1271.91:

  • [$1000] [152746] High CVE-2012-5131: Corrupt rendering in the Apple OSX driver for Intel GPUs. Credit to Justin Drake.

And back to your regular scheduled rewards:
[$1000] [156567] High CVE-2012-5133: Use-after-free in SVG filters. Credit to miaubiz.

  • [$500] [148638] Medium CVE-2012-5130: Out-of-bounds read in Skia. Credit to Atte Kettunen of OUSPG.
  • [155711] Low CVE-2012-5132: Browser crash with chunked encoding. Credit to Attila Szász.
  • [158249] High CVE-2012-5134: Buffer underflow in libxml. Credit to Google Chrome Security Team (Jüri Aedla).
  • [159165] Medium CVE-2012-5135: Use-after-free with printing. Credit to Fermin Serna of Google Security Team.
  • [159829] Medium CVE-2012-5136: Bad cast in input element handling. Credit to Google Chrome Security Team (Inferno).

Suggested articles

Discussion

  • Anonymous on

    I thought I was still using chrome 22, just checked it and chrome has update itself quitely.That good.firefox has autoupdate feature too. Now the only browser I need to care is Avant, I should update it manually evertytime. That's frustrating.

  • Anonymous on

    we naews dr

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.