September 26, 2016

Google Fixes Critical Memory Corruption Vulnerability in Chrome

(LiveHacking.Com) – Google has released Chrome 13.0.782.215 for all platforms. This version addresses multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code.

Security
Google paid out over $8,000 in rewards for this version, with the largest single reward going to Sergey Glazunov for an integer overflow bug. The only vulnerability rated Critical in this release is a memory corruption bug in vertex handling. It was found by Michael Braithwaite of Turbulenz Limited, who was rewarded $1337 for his efforts.

The security fixes are:

  • [$1000] [Windows only] [72492] Medium CVE-2011-2822: URL parsing confusion on the command line. Credit to Vladimir Vorontsov, ONsec company.
  • [82552] High CVE-2011-2823: Use-after-free in line box handling. Credit to Google Chrome Security Team (SkyLined) and independent later discovery by miaubiz.
  • [$1000] [88216] High CVE-2011-2824: Use-after-free with counter nodes. Credit to miaubiz.
  • [88670] High CVE-2011-2825: Use-after-free with custom fonts. Credit to wushi of team509 reported through ZDI (ZDI-CAN-1283), plus independent later discovery by miaubiz.
  • [$1000] [89402] High CVE-2011-2821: Double free in libxml XPath handling. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences.
  • [$1000] [87453] High CVE-2011-2826: Cross-origin violation with empty origins. Credit to Sergey Glazunov.
  • [$1337] [Windows only] [89836] Critical CVE-2011-2806: Memory corruption in vertex handling. Credit to Michael Braithwaite of Turbulenz Limited.
  • [$1000] [90668] High CVE-2011-2827: Use-after-free in text searching. Credit to miaubiz.
  • [91517] High CVE-2011-2828: Out-of-bounds write in v8. Credit to Google Chrome Security Team (SkyLined).
  • [$1500] [32-bit only] [91598] High CVE-2011-2829: Integer overflow in uniform arrays. Credit to Sergey Glazunov.
  • [$1000] [Linux only] [91665] High CVE-2011-2839: Buggy memset() in PDF. Credit to Aki Helin of OUSPG.

Note that the referenced bugs are kept private by Google until a majority of users are up to date with the fix.

Comments

  1. Now I know. I love Google Chrome but I’m using it less frequently because of the crashes. It’s lame to have Chrome as your primary browser then you load another browser to integrate your download with IDM. Until Google fixes this issue, I have to stick with Firefox and Avant browser for now.