Google Chrome Stable Security Update to Version 11

I’m not so excited about the “highest browser version number crown,” but the added security features sound like this is well worth the download …

Google has just updated the Google Chrome Stable channel to version 11. This is a landmark considering that the stable branch of the browser is now sharing the “highest-browser-version-crown” with Opera Software’s Opera browser.

More important than the version bump to 11 are the security updates that have been implemented in the browser. A total of 25 different security issues have been resolved in Google Chrome 11. Of those, 16 have received a severity rating of high, the second highest. A further six have been rated medium and the remaining three low. No security issue has been rated critical, the highest available rating for security vulnerabilities.

Several of the security vulnerabilities affect only the Macintosh or Linux versions of Chrome.

  • [61502] High CVE-2011-1303: Stale pointer in floating object handling.
  • [70538] Low CVE-2011-1304: Pop-up block bypass via plug-ins.
  • [Linux / Mac only] [70589] Medium CVE-2011-1305: Linked-list race in database handling.
  • [71586] Medium CVE-2011-1434: Lack of thread safety in MIME handling.
  • [72523] Medium CVE-2011-1435: Bad extension with ‘tabs’ permission can capture local files.
  • [Linux only] [72910] Low CVE-2011-1436: Possible browser crash due to bad interaction with X.
  • [73526] High CVE-2011-1437: Integer overflows in float rendering.
  • [74653] High CVE-2011-1438: Same origin policy violation with blobs.
  • [Linux only] [74763] High CVE-2011-1439: Prevent interference between renderer processes.
  • [75186] High CVE-2011-1440: Use-after-free with tag and CSS.
  • [75347] High CVE-2011-1441: Bad cast with floating select lists.
  • [75801] High CVE-2011-1442: Corrupt node trees with mutation events.
  • [76001] High CVE-2011-1443: Stale pointers in layering code.
  • [Linux only] [76542] High CVE-2011-1444: Race condition in sandbox launcher.
  • [76646] Medium CVE-2011-1445: Out-of-bounds read in SVG.
  • [76666] [77507] [78031] High CVE-2011-1446: Possible URL bar spoofs with navigation errors and interrupted loads.
  • [76966] High CVE-2011-1447: Stale pointer in drop-down list handling.
  • [77130] High CVE-2011-1448: Stale pointer in height calculations.
  • [77346] High CVE-2011-1449: Use-after-free in WebSockets.
  • [77349] Low CVE-2011-1450: Dangling pointers in file dialogs.
  • [77463] High CVE-2011-1451: Dangling pointers in DOM id map.
  • [77786] Medium CVE-2011-1452: URL bar spoof with redirect and manual reload.
  • [79199] High CVE-2011-1454: Use-after-free in DOM id handling.
  • [79361] Medium CVE-2011-1455: Out-of-bounds read with multipart-encoded PDF.
  • [79364] High CVE-2011-1456: Stale pointers with PDF forms.

Google has paid security researchers a total of $16,500 for the discovery of security issues in the web browser.

Google Chrome 11 includes a new speech input through HTML feature, which websites can use to accept a web user’s speech input. Google Translate is one of the first services to include a listen option. Speech input requires a microphone connected to the computer.

The Google Chrome update is available directly from within the browser. To check for the update, click the wrench icon in the address bar and select About Google Chrome from the menu.

You can find further instructions in our How To Upgrade, Downgrade Google Chrome guide.


© Martin Brinkmann for gHacks Technology News | Latest Tech News, Software And Tutorials, 2011.