(LiveHacking.Com) – The version numbers keep flying upwards! Google has released Chrome 18.0.1025.142 for Windows, Mac and Linux with a number of new features (including faster and fancier graphics) and a collection of security fixes. None of the security fixes in this release are marked as Critical but there are three High severity fixes.
Under Google’s definitions, a High severity vulnerability is one that lets an attacker read or modify confidential data belonging to other web sites, or execute arbitrary code within the confines of the sandbox. Vulnerabilities that defeat or interfere with browser security features are also rated High.
The first of the High severity bugs fixed was an off-by-one error in the OpenType Sanitizer (the font-parsing code that screens web fonts before they reach the system font engine), the second a use-after-free in SVG clipping and the third a memory corruption bug in Skia, Chrome’s 2D graphics library.
As part of the Chrome Vulnerability Rewards Program, which was created to reward security researchers who invest their time and effort into making Chrome more secure, Google paid out bounties for this release; the rewards credited in the list below add up to $4,000.
The full list of security-related bugs fixed is:
- [$500] Medium CVE-2011-3058: Bad interaction possibly leading to XSS in EUC-JP. Credit to Masato Kinugawa.
- [$500] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling. Credit to Arthur Gerkis.
- [$500] Medium CVE-2011-3060: Out-of-bounds read in text fragment handling. Credit to miaubiz.
- Medium CVE-2011-3061: SPDY proxy certificate checking error. Credit to Leonidas Kontothanassis of Google.
- High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to Mateusz Jurczyk of the Google Security Team.
- Low CVE-2011-3063: Validate navigation requests from the renderer more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie and scarybeasts (Google Chrome Security Team).
- [$1000] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to Atte Kettunen of OUSPG.
- [$1000] High CVE-2011-3065: Memory corruption in Skia. Credit to Omair.
- [$500] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian Holler.
Google have also said that some of these items represent the start of hardening measures based on study of the exploits submitted to the Pwnium competition.
Note that the referenced bugs may be kept private until a majority of Chrome users are up to date with the fixes.
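Since the bug reports stay private until most users are on the fixed build, the practical question for an administrator is simply whether a given installation is at or above 18.0.1025.142. The script below is an added example for this post, not code from Google or from Chrome; it compares dotted version strings component by component, which matters because a plain string comparison would rank a hypothetical 18.0.999.0 above 18.0.1025.142. The version banners fed to it are constructed sample input; only 18.0.1025.142 comes from the release itself.

```python
# Added example (not from the LiveHacking post or from Google): check whether an
# installed Chrome build is at or above the fixed version named in this release.
import re

FIXED_VERSION = "18.0.1025.142"  # version from the release announcement above


def parse_version(s):
    """Split a dotted Chrome version into a tuple of ints so that comparison is
    numeric per component (string comparison would rank 18.0.999.0 above
    18.0.1025.142 because '9' > '1')."""
    s = s.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", s):
        raise ValueError(f"not a dotted version: {s!r}")
    return tuple(int(p) for p in s.split("."))


def is_fixed(installed, fixed=FIXED_VERSION):
    """True if `installed` is the same as or newer than `fixed`.
    Shorter tuples are padded with zeros so that 18.0.1025 < 18.0.1025.142."""
    a, b = parse_version(installed), parse_version(fixed)
    n = max(len(a), len(b))
    a += (0,) * (n - len(a))
    b += (0,) * (n - len(b))
    return a >= b


def chrome_version_from_banner(text):
    """Pull the version out of a banner such as the output of
    `google-chrome --version` ('Google Chrome 18.0.1025.142').
    Returns None if no 3- or 4-component version is present."""
    m = re.search(r"(\d+(?:\.\d+){2,3})", text)
    return m.group(1) if m else None


if __name__ == "__main__":
    # Constructed sample banners (not real inventory data) to show the check.
    for banner in ["Google Chrome 18.0.1025.142", "Google Chrome 17.0.963.83",
                   "Google Chrome 18.0.999.0", "Chromium 19.0.1084.52"]:
        v = chrome_version_from_banner(banner)
        state = "patched" if v and is_fixed(v) else "UPDATE NEEDED"
        print(f"{banner:30s} -> {state}")
```

On Linux the banner can come straight from `google-chrome --version`; on Windows the same version string is in the `version` value under the Chrome key in the registry, and either can be piped into `chrome_version_from_banner`.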
Chrome 18 also introduces some new features, specifically Google have enabled GPU-accelerated Canvas2D on capable Windows and Mac computers. This feature had previously been enabled in the Beta channel and Google hope developers have had a chance to try it out. Chrome 18 also enables SwiftShader, a software rasterizer licensed from TransGaming, for users with graphics cards which can’t cope with WebGL rendering.
Chrome 18 also includes Flash Player 11.2 which contains a number of new features along with security updates. See our post here.