Vulnerabilities

Google Fixes 11 Security Holes in Latest Chrome Update

Google has plugged 11 security holes in its latest update for the Chrome browser, including one that garnered a critical rating.

Published

<p>Google has plugged 11 security holes in its latest update for the Chrome browser, including one that garnered <a href="http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+GoogleChromeReleases+%28Google+Chrome+Releases%29" target="_blank" rel="noopener"> a critical rating.</a></p>

Google has plugged 11 security holes in its latest update for the Chrome browser, including one that garnered a critical rating.

Details of the bugs remain mostly under wraps, as is Google’s usual behavior. But based on what is known, the ‘critical’ vulnerability is a memory corruption in vertex handing issue discovered by Michael Braithwaite of Turbulenz Limited. According to Google, the flaw only affects Chrome users running Windows. The find earned Braithwaite a $1,337 reward.

Of the remaining 10 vulnerabilities, nine are rated ‘high.’ The final one is rated ‘medium.’

Here is a complete list of the vulnerabilities patched in Chrome 13.0.782.215:

• [$1000] [Windows only] [72492] Medium CVE-2011-2822: URL parsing confusion on the command line. Credit to Vladimir Vorontsov, ONsec company.

• [82552] High CVE-2011-2823: Use-after-free in line box handling. Credit to Google Chrome Security Team (SkyLined) and independent later discovery by miaubiz.

• [$1000] [88216] High CVE-2011-2824: Use-after-free with counter nodes. Credit to miaubiz.

• [88670] High CVE-2011-2825: Use-after-free with custom fonts. Credit to wushi of team509 reported through ZDI (ZDI-CAN-1283), plus independent later discovery by miaubiz.

Advertisement. Scroll to continue reading.

• [$1000] [89402] High CVE-2011-2821: Double free in libxml XPath handling. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences.

• [$1000] [87453] High CVE-2011-2826: Cross-origin violation with empty origins. Credit to Sergey Glazunov.

• [$1337] [Windows only] [89836] Critical CVE-2011-2806: Memory corruption in vertex handing. Credit to Michael Braithwaite of Turbulenz Limited.

• [$1000] [90668] High CVE-2011-2827: Use-after-free in text searching. Credit to miaubiz.

• [91517] High CVE-2011-2828: Out-of-bounds write in v8. Credit to Google Chrome Security Team (SkyLined).

• [$1500] [32-bit only] [91598] High CVE-2011-2829: Integer overflow in uniform arrays. Credit to Sergey Glazunov. • [$1000] [Linux only] [91665] High CVE-2011-2839: Buggy memset() in PDF. Credit to Aki Helin of OUSPG.

In this article:

Related Content

Copyright © 2024 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version