New Version of Google Chrome Fixes Flash Bug, Three Critical GPU Flaws

Google has released a new version of its Chrome browser that includes not only an updated version of Adobe Flash that fixes a critical bug, but also patches for three critical vulnerabilities in the browser’s GPU process.

The new version of Chrome, version 10.0.648.205, includes the first public fix for the Adobe Flash vulnerability that the company disclosed earlier this week. Adobe and Google collaborate closely on integrating new versions of Flash into Chrome as quickly as possible, and Thursday's release of Chrome beats Adobe’s own patch for Flash by a full day. Adobe is scheduled to release a patch for the Flash bug on most platforms today.

The three critical vulnerabilities that Google fixed in the new version of Chrome are all related to the graphics processing unit (GPU) process in the browser. Google paid out $1,500 in bug bounties for two of the flaws. The vulnerabilities are:

  • [$500] [Windows only] [70070] Critical CVE-2011-1300: Off-by-three in GPU process. Credit to yuri.ko616.
  • [75629] Critical CVE-2011-1301: Use-after-free in the GPU process. Credit to Google Chrome Security Team (Inferno).
  • [$1000] [78524] Critical CVE-2011-1302: Heap overflow in the GPU process. Credit to Christoph Diehl.

Google won’t release the details of the three GPU process flaws until the company believes that most of the Chrome user base has installed the new version.
