Search My Blog

Wednesday, June 29, 2011

Google Chrome 12 Updates for 7 Flaws - Datamation

Google Chrome 12 Updates for 7 Flaws

Google releases security update for its browser.

Make no mistake about it, Google updates its Chrome browser very rapidly.

At the beginning of June, Google released the first stable version of Chrome 12, fixing at least 15 different security issues and adding new features. Chrome 12 itself is the fourth major browser release from Google so far in 2011. Now Google is updating Chrome – again.

A new version of Chrome 12 is now out for Windows, Linux and Mac, fixing at least seven security flaws, six of which are identified by Google as being high-impact. Chrome Stable 12.0.742.112 is the first security update to Chrome 12 since its' initial release earlier this month.

As part of Google's Chromium Security Reward program, Google is paying out $6,000 in awards to security researchers for flaws reported and now fixed in Chrome 12.0.742.112.

The big winner in terms of awards for Chrome 12.0.742.112 is a security researcher that Google has identified only as ' miaubiz' who collected $4,000 for reporting 5 flaws. Among the flaws miaubiz reported are three separate use-after-free errors, in SVG font handling, SVG use element and in text selection. A use-after-free flaw is one where the memory that is supposed to be returned to the system after being used, is not. The allocated memory can then potentially be leveraged by an attacker to use the same space to exploit the browser.

Other high-impact flaws fixed in Chrome 12.0.742.112 include a memory corruption issue with CSS parsing, a bounds check issue with the V8 JavaScript engine and re-entrancy issues with the HTML parser.

Aside from researcher reported flaws, Chrome 12.0.742.112 also includes an updated version of Flash. Chrome is the only browser that includes an integrated Adobe Flash player and often receives Flash updates before Adobe releases standalone Flash player updates for other platforms.



No comments: