Yesterday, Google updated its Chrome browser to 18.0.1025.151 on Windows, Mac, Linux and Chrome Frame.
Besides fixing multiple usability bugs, the latest update also patches numerous vulnerabilities reported through Google’s security bug bounty program.
More details:
The following ‘high risk’ security flaws were patched:
- [106577] [$500] Medium CVE-2011-3066: Out-of-bounds read in Skia clipping. Credit to miaubiz.
- [117583] Medium CVE-2011-3067: Cross-origin iframe replacement. Credit to Sergey Glazunov.
- [117698] [$1000] High CVE-2011-3068: Use-after-free in run-in handling. Credit to miaubiz.
- [117728] [$1000] High CVE-2011-3069: Use-after-free in line box handling. Credit to miaubiz.
- [118185] High CVE-2011-3070: Use-after-free in v8 bindings. Credit to Google Chrome Security Team (SkyLined).
- [118273] High CVE-2011-3071: Use-after-free in HTMLMediaElement. Credit to pa_kt, reporting through HP TippingPoint ZDI (ZDI-CAN-1528).
- [118467] Low CVE-2011-3072: Cross-origin violation parenting pop-up window. Credit to Sergey Glazunov.
- [118593] [$1000] High CVE-2011-3073: Use-after-free in SVG resource handling. Credit to Arthur Gerkis.
- [119281] [$500] Medium CVE-2011-3074: Use-after-free in media handling. Credit to Sławomir Błażek.
- [119525] [$1000] High CVE-2011-3075: Use-after-free applying style command. Credit to miaubiz.
- [120037] [$1000] High CVE-2011-3076: Use-after-free in focus handling. Credit to miaubiz.
- [120189] Medium CVE-2011-3077: Read-after-free in script bindings. Credit to Google Chrome Security Team (Inferno).
The latest version of Chrome also includes the latest version of the recently patched Adobe Flash Player.
Webroot advises end users and corporate users to update to the latest version immediately.
You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.
I like Chrome but think it is flawed for a security weakness which it would be irresponsible of me to detail here publicly. I have told this to one of their staff. Chrome is great for browsing, but I keep logged out except for when I need to change a setting, and use Firefox for emails, calendar, etc., which are account focused.