In association with heise online

25 March 2011, 10:10

Chrome 10 update patches security vulnerabilities

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Chrome Logo Google has released version 10.0.648.204 of its Chrome web browser, a maintenance and security update to the Chrome 10 stable branch. The update addresses a total of six vulnerabilities in the WebKit-based browser that can be "exploited by malicious people to compromise a system" and rates all of them with a "High" priority. Secunia, for example, rates the vulnerabilities as highly critical.

According to Google, one of the high risk issues relates to a buffer error in base string handling, while two others have to do with use-after-free, where memory is deallocated but later accessed, in the frame loader and in HTMLCollection. The other issues range from a stale pointer in CSS handling and in SVG text handling, as well as a DOM tree corruption bug. The update also includes several performance and stability fixes and adds support for the browser's password manager on Linux systems.

As part of its Chromium Security Reward programme, Google rewarded those who reported security vulnerabilities with a total of $8,500, of which $7,000 went to developer Sergey Glazunov alone. Further details of the Chrome vulnerabilities are being withheld until "a majority of users are up-to-date with the fix".

Details about the stable channel update can be found in a post on the Google Chrome Releases Blog. However, contrary to the release announcement and as noted by the commenters, the update is only available for the stable channel of the browser; the beta channel reached version 11 just three days ago.

Chrome 10.0.648.204 is available to download for Windows, Mac OS X and Linux from Users who currently have Chrome installed can use the built-in update function by clicking Tools, selecting About Google Chrome and clicking the Update button.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit