Google has updated Chrome for Windows, Mac and Linux to version 11.0.696.71 to fix a variety of vulnerabilities which, if exploited, could allow an attacker to execute arbitrary code.
Google paid out only $1000 this time around under its rewards scheme. The recipient was Martin Barbella, for discovering a stale pointer in floats rendering. The full list of security fixes and bug fixes is as follows:
- [72189] Low CVE-2011-1801: Pop-up blocker bypass. Credit to Chamal De Silva.
- [82546] High CVE-2011-1804: Stale pointer in floats rendering. Credit to Martin Barbella.
- [82873] Critical CVE-2011-1806: Memory corruption in GPU command buffer. Credit to Google Chrome Security Team (Cris Neckar).
- [82903] Critical CVE-2011-1807: Out-of-bounds write in blob handling. Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany of the Chromium development community.
- REGRESSION: selection extended by arrow keys flickers on LinkedIn.com. (Issue 83197).
- Have ConnectBackupJob try IPv4 first to hide potential long IPv6 connect timeout (Issue 81686).
- Mac plugin crashes are too low in stats (Issue 82172).
- Incorrect ACLs on the archived copy of setup.exe (Issue 82424).
Note that some of the referenced bugs are kept private until a majority of Chrome users have updated.