April 6, 2012 By Dancho Danchev

Google’s Chrome patches 12 ‘high risk’ security vulnerabilities

Yesterday, Google updated its Chrome browser to 18.0.1025.151 on Windows, Mac, Linux and Chrome Frame.

Next to patching multiple usability bugs, the latest update has also patched numerous vulnerabilities reported through  Google’s security bugs bounty program.

More details:

The following ‘high risk’ security flaws were patched:

  • [106577] [$500] Medium CVE-2011-3066: Out-of-bounds read in Skia clipping. Credit to miaubiz.
  • [117583] Medium CVE-2011-3067: Cross-origin iframe replacement. Credit to Sergey Glazunov.
  • [117698] [$1000] High CVE-2011-3068: Use-after-free in run-in handling. Credit to miaubiz.
  • [117728] [$1000] High CVE-2011-3069: Use-after-free in line box handling. Credit to miaubiz.
  • [118185] High CVE-2011-3070: Use-after-free in v8 bindings. Credit to Google Chrome Security Team (SkyLined).
  • [118273] High CVE-2011-3071: Use-after-free in HTMLMediaElement. Credit to pa_kt, reporting through HP TippingPoint ZDI (ZDI-CAN-1528).
  • [118467] Low CVE-2011-3072: Cross-origin violation parenting pop-up window. Credit to Sergey Glazunov.
  • [118593] [$1000] High CVE-2011-3073: Use-after-free in SVG resource handling. Credit to Arthur Gerkis.
  • [119281] [$500] Medium CVE-2011-3074: Use-after-free in media handling. Credit to Sławomir Błażek.
  • [119525] [$1000] High CVE-2011-3075: Use-after-free applying style command. Credit to miaubiz.
  • [120037] [$1000] High CVE-2011-3076: Use-after-free in focus handling. Credit to miaubiz.
  • [120189] Medium CVE-2011-3077: Read-after-free in script bindings. Credit to Google Chrome Security Team (Inferno).

The latest version of Chrome, also includes the latest version of the recently patched Adobe Flash Player.

Webroot advises end and corporate users to update to the latest version immediately.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on  Twitter.

Share Button
true