Google Chrome Stable Updated, Security Fixes

This sounds like a pretty important update, security-wise …

Yesterday Google released a new Google Chrome stable version bringing the version to 8.0.552.237 on all platforms. The release fixes several security vulnerabilities which makes it a mandatory update for all Chrome users.

The Chrome blog lists 16 different vulnerabilities that have been fixed in the new version of which one received the highest rating critical and 13 of high. The researcher who discovered the critical vulnerability has received the first “elite” Chromium Security Reward which comes with a $3133.7 payment.

The list of fixed vulnerabilities:

  • [58053] Medium Browser crash in extensions notification handling. Credit to Eric Roman of the Chromium development community.
  • [$1337] [65764] High Bad pointer handling in node iteration. Credit to Sergey Glazunov.
  • [66334] High Crashes when printing multi-page PDFs. Credit to Google Chrome Security Team (Chris Evans).
  • [$1000] [66560] High Stale pointer with CSS + canvas. Credit to Sergey Glazunov.
  • [$500] [66748] High Stale pointer with CSS + cursors. Credit to Jan Tošovský.
  • [67100] High Use after free in PDF page handling. Credit to Google Chrome Security Team (Chris Evans).
  • [$1000] [67208] High Stack corruption after PDF out-of-memory condition. Credit to Jared Allar of CERT.
  • [$1000] [67303] High Bad memory access with mismatched video frame sizes. Credit to Aki Helin of OUSPG; plus independent discovery by Google Chrome Security Team (SkyLined) and David Warren of CERT.
  • [$500] [67363] High Stale pointer with SVG use element. Credited anonymously; plus indepdent discovery by miaubiz.
  • [$1000] [67393] Medium Uninitialized pointer in the browser triggered by rogue extension. Credit to kuzzcc.
  • [$1000] [68115] High Vorbis decoder buffer overflows. Credit to David Warren of CERT.
  • [$1000] [68170] High Buffer overflow in PDF shading. Credit to Aki Helin of OUSPG.
  • [$1000] [68178] High Bad cast in anchor handling. Credit to Sergey Glazunov.
  • [$1000] [68181] High Bad cast in video handling. Credit to Sergey Glazunov.
  • [$1000] [68439] High Stale rendering node after DOM node removal. Credit to Martin Barbella; plus independent discovery by Google Chrome Security Team (SkyLined).
  • [$3133.7] [68666] Critical Stale pointer in speech handling. Credit to Sergey Glazunov.

It is recommended to update the web browser as soon as possible to protect it and the underlying operating system from possible exploits. Chrome users can either check for updates by clicking on the Wrench icon and selecting About Google Chrome or visit the official download page to download the latest Google Chrome version.


© Martin for gHacks Technology News, 2011. | Permalink | Add to del.icio.us, digg, facebook, reddit, twitter
Post tags: , , , ,

Link to Original Content

Tags: , , , ,

Comments are closed.