Google Revises Chrome 13 by Patching 11 Vulnerabilities

Google, on August 22, 2011, issued one upgraded edition of its widely used Web-browser Chrome 13, patching 11 security flaws, as per the news published on August 23, 2011.

Significantly, Google issued Chrome 13.0.782.215 aiming at Windows, Mac, Linux as also Chrome Frame for fixing several flaws, a few severe enough to make end-users vulnerable to assaults designed for running malware.

Of the 11 vulnerabilities, Google has named one, "Critical" a rating it rarely makes and formally called it "Memory corruption in vertex handling."

To understand what 'vertex' means, Google says it's certain graphical shape, which's possible in Chrome. The vertex vulnerability solely influences Chrome in Windows. The discoverer of this vulnerability is Michael Braithwaite a security researcher at Turbulenz Limited.

Meanwhile, alongside the "Critical" vulnerability, 9 of the rest of ten vulnerabilities were rated as "highly" important, while the last was rated as of "medium" importance.

And of those flaws rated "high," 4 were recognized as "use-after-free" vulnerabilities, which's a flaw type related to memory management, and if abused can allow attack code insertion. Use-after-free bugs became perceptible within custom fonts, counter nodes, text searching, and handling of both libxml XPath and line box.

The other vulnerabilities rated as "highly" important consist of one out-of-bounds write within the v8 JavaScript component of Chrome, and an integer overflow problem within standardized arrays.

Meanwhile, among the remaining 3 flaws, 2 were the discoveries of a Chrome security researcher, while the other was reported via ZDI (Zero-Day Initiative), one bounty program that HP TippingPoint runs. Interestingly, unlike several organizations like Microsoft and Adobe, Google detects vulnerabilities openly.

Notably, after the Chrome 13.0.782.215 launch, security researchers at Google are being awarded $8,837, including Braithwaite who has been awarded $1,337 in connection with the "critical" flaw, and Sergey Glazunov, a frequent contributor, who has received $2,500 in connection with 2 flaws rated "high." Furthermore, Google has rewarded external researchers with over $120,000 during 2011 for discovering Chrome bugs.

End-users can download the latest Chrome edition for Linux, Mac OS X and Windows from the authorized website of Google, while those using the browser since before will have it upgraded automatically.

Related article: Google Rectifies Gmail flaw in Three Days

» SPAMfighter News - 9/2/2011