New Version of Chrome Fixes Four Security Bugs

Google on Wednesday pushed out a new version of its Chrome browser to users, a release that fixes four security bugs, including two critical vulnerabilities.

Only one of the bugs fixed in Chrome 11.0.696.71 qualified for the company’s bug bounty program, a high-severity problem caused by a stale pointer. That vulnerability earned the researcher who reported it, Martin Barbella, a $1,000 reward. The vulnerabilities fixed in this release include:

  • [72189] Low CVE-2011-1801: Pop-up blocker bypass. Credit to Chamal De Silva.
  • [$1000] [82546] High CVE-2011-1804: Stale pointer in floats rendering. Credit to Martin Barbella.
  • [82873] Critical CVE-2011-1806: Memory corruption in GPU command buffer. Credit to Google Chrome Security Team (Cris Neckar).
  • [82903] Critical CVE-2011-1807: Out-of-bounds write in blob handling. Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany of the Chromium development community.

Google has been on a quick release schedule for Chrome for some time now, and the company has been able to fix vulnerabilities and other problems very quickly. Google has released several new versions of Chrome in just the last month, fixing more than two dozen security vulnerabilities in the process. Mozilla officials have said that they plan to move Firefox to a similar release schedule soon, and that the next version of the browser will be the last major release of that kind.
