In association with heise online

22 March 2012, 10:28

Chrome 17 update fixes high-risk vulnerabilities

Google has released version 17.0.963.83 of its Chrome web browser, a maintenance update that fixes issues with Flash games and closes several security holes. The Stable channel update addresses a total of nine vulnerabilities, six of which are rated as "high severity".

These include an integer issue in libpng (the official PNG reference library), a memory corruption problem in WebGL canvas handling and a cross-origin violation related to "magic iframe", as well as use-after-free errors in first-letter handling, CSS cross-fade handling and block splitting. One medium-risk invalid read in the V8 JavaScript engine and two low-risk problems related to WebUI privileges and unpacked extension installation have also been fixed.

As part of its Chromium Security Vulnerability Rewards programme, Google paid security researchers $5,500 for discovering and reporting the holes. Additional details about the vulnerabilities are being withheld until "a majority of users are up-to-date with the fix". The developers also note that a low severity issue related to the extension web request API was fixed in a previous release but was not properly credited.

Further information about the update can be found in a post on the Google Chrome Releases blog. Chrome 17.0.963.83 is available to download from google.com/chrome for Windows, Mac OS X and Linux; alternatively, existing users can upgrade using the built-in update function.

(crve)

Permalink: http://h-online.com/-1477749