September 30, 2016

Google Updates Chrome Again to Fix Seven High Risk Vulnerabilities

(LiveHacking.Com) – Google has updated Chrome to 18.0.1025.151 to fix some bugs, add a new version of Flash and fix twelve security vulnerabilities. The new release, which is available for Windows, Mac and Linux is Google’s second release in just eight days. As part of its security reward program, Google paid out $6000 to security researchers for their efforts in making Google Chrome safer.

Seven of the tweleve vulnerabilities are rated as “high,” the second-most-serious ranking in Google’s scoring system. Of the remaining, four were marked “medium” and one was labeled “low.” All of the high risk vulnerabilities are use-after-free bugs in various parts of the Chrome code including in line box handling, v8 bindings, HTMLMediaElement and focus handling.

The full list of fixes is:

  • [$500] [106577] Medium CVE-2011-3066: Out-of-bounds read in Skia clipping. Credit to miaubiz.
  • [117583] Medium CVE-2011-3067: Cross-origin iframe replacement. Credit to Sergey Glazunov.
  • [$1000] [117698] High CVE-2011-3068: Use-after-free in run-in handling. Credit to miaubiz.
  • [$1000] [117728] High CVE-2011-3069: Use-after-free in line box handling. Credit to miaubiz.
  • [118185] High CVE-2011-3070: Use-after-free in v8 bindings. Credit to Google Chrome Security Team (SkyLined).
  • [118273] High CVE-2011-3071: Use-after-free in HTMLMediaElement. Credit to pa_kt, reporting through HP TippingPoint ZDI (ZDI-CAN-1528).
  • [118467] Low CVE-2011-3072: Cross-origin violation parenting pop-up window. Credit to Sergey Glazunov.
  • [$1000] [118593] High CVE-2011-3073: Use-after-free in SVG resource handling. Credit to Arthur Gerkis.
  • [$500] [119281] Medium CVE-2011-3074: Use-after-free in media handling. Credit to Sławomir Błażek.
  • [$1000] [119525] High CVE-2011-3075: Use-after-free applying style command. Credit to miaubiz.
  • [$1000] [120037] High CVE-2011-3076: Use-after-free in focus handling. Credit to miaubiz.
  • [120189] Medium CVE-2011-3077: Read-after-free in script bindings. Credit to Google Chrome Security Team (Inferno).

Note: Google may keep the referenced bugs secret until a majority of Chrome users are up to date with the fix.

Other things

This release also fixes the following issues:

  • black screen on Hybrid Graphics system with GPU accelerated compositing enabled (Issue: 117371)
  • CSS not applied to <content> element (Issue: 114667)
  • Regression rendering a div with background gradient and borders (Issue: 113726)
  • Canvas 2D line drawing bug with GPU acceleration (Issue: 121285)
  • Multiple crashes (Issues: 72235116825 and 92998)
  • Pop-up dialog is at wrong position (Issue: 116045)
  • HTML Canvas patterns are broken if you change the transformation matrix (Issue: 112165)
  • SSL interstitial error “proceed anyway” / “back to safety” buttons don’t work (Issue: 119252)

Known Issues:

  • HTML5 audio doesn’t work on some Mac computers (Issue: 109441)

A new version of Flash Player is included in this release, more details are available in an addendum to the following Flash Player advisory.

Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks