Google has fixed nine new vulnerabilities in its Chrome browser, including six high-risk flaws. The most serious of the bugs include three separate use-after-free vulnerabilities in various parts of the browser.
As part of its researcher reward program, Google paid out $5,500 in bounties for vulnerabilities that researchers reported directly to the company. Three of the vulnerabilities fixed in Chrome 17 were reported by Sergey Glazunov and an unnamed researcher who goes by the handle PinkiePie, each of whom took home $60,000 rewards during Google’s Pwnium contest at CanSecWest earlier this month. The $5,500 paid out to researchers this time around is one of the lower totals that Google has paid in the last couple of years.
The full list of vulnerabilities fixed in Chrome is:
[$1000] [113902] High CVE-2011-3050: Use-after-free with first-letter handling. Credit to miaubiz.
[116162] High CVE-2011-3045: libpng integer issue from upstream. Credit to Glenn Randers-Pehrson of the libpng project.
[$1000] [116461] High CVE-2011-3051: Use-after-free in CSS cross-fade handling. Credit to Arthur Gerkis.
[116637] High CVE-2011-3052: Memory corruption in WebGL canvas handling. Credit to Ben Vanik of Google.
[$1000] [116746] High CVE-2011-3053: Use-after-free in block splitting. Credit to miaubiz.
[117418] Low CVE-2011-3054: Apply additional isolations to webui privileges. Credit to Sergey Glazunov.
[117736] Low CVE-2011-3055: Prompt in the browser native UI for unpacked extension installation. Credit to PinkiePie.
[$2000] [117550] High CVE-2011-3056: Cross-origin violation with “magic iframe”. Credit to Sergey Glazunov.
[$500] [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian Holler.