October 31, 2014

Google Releases Chrome 19 with 19 Security Fixes

(LiveHacking.Com) – The development of Google’s Chrome browser continues at a fast pace. Just six weeks after the release of Chrome 18, Google has now released Chrome 19. It boasts a new tab synchronization feature along with 19 security related fixes. None of the fixes in this new release is rated Critical, but seven are rated High. High severity, according to Google’s definition, means that the vulnerability lets an attacker read or modify confidential data belonging to other web sites, or execute arbitrary code within the confines of the Chrome sandbox (a sandbox escape would be needed on top of such a bug to compromise the whole machine, which is what separates High from Critical). Vulnerabilities that defeat browser security features are also considered High severity.

Four of the seven High severity issues are use-after-free bugs. These can potentially be exploited to run arbitrary code: once an object has been freed, an attacker who can get memory of the same size allocated (for example by creating other page objects) can place controlled data where the stale pointer still points, and any later use of that pointer then operates on attacker data. Of the remaining three, two are out-of-bounds writes (one in the OGG container and one in PDF sampled functions). Again, these types of error are a foothold for a fully working exploit, since the write corrupts whatever happens to sit next to the undersized buffer. The last High severity error is an invalid write in the v8 regex engine. The four High severity issues reported by external researchers earned $1000 each, $4000 in total; the other three were found by Google’s own staff and so carry no bounty.
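As an added illustration of why these two bug classes are such a foothold (example code written for this page, not code from Chrome or from the fixed components), the C program below uses a toy slot allocator with a LIFO free list so that memory reuse is deterministic; real allocators tend to behave the same way but make no promise. The `struct element`, the handler functions and the payload bytes are assumptions constructed for the example: `attacker_handler` simply stands in for whatever address an attacker would redirect execution to. `uaf_vulnerable` calls through a pointer to a freed object after attacker data has reoccupied its slot; `oob_copy` shows an unchecked copy spilling from one object’s inline buffer into the function pointer of the neighbouring object, and the same copy with a length check.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SLOT_SIZE 32
#define NUM_SLOTS 4

/* Toy slab: fixed-size slots handed out lowest-first, with a LIFO free list,
 * so the allocation right after a free reuses the freed slot. Constructed for
 * this example; glibc and PartitionAlloc tend to behave this way but do not
 * guarantee it. The union keeps the slots pointer-aligned. */
static union {
    unsigned char bytes[NUM_SLOTS * SLOT_SIZE];
    void *align;
} slab;
static int free_list[NUM_SLOTS];
static int free_top;

static void slab_reset(void) {
    memset(slab.bytes, 0, sizeof slab.bytes);
    free_top = 0;
    for (int i = NUM_SLOTS - 1; i >= 0; i--)
        free_list[free_top++] = i;       /* slot 0 ends up on top of the list */
}

static void *slab_alloc(void) {
    if (free_top == 0) return NULL;
    return slab.bytes + free_list[--free_top] * SLOT_SIZE;
}

static void slab_free(void *p) {
    free_list[free_top++] = (int)(((unsigned char *)p - slab.bytes) / SLOT_SIZE);
}

/* Stand-in for a renderer object: a function pointer followed by inline data. */
typedef void (*handler_fn)(void);
struct element {
    handler_fn on_use;
    char name[SLOT_SIZE - sizeof(handler_fn)];
};

static int hijacked;                                   /* set when control flow is redirected */
static void benign_handler(void) { }
static void attacker_handler(void) { hijacked = 1; }  /* plays the role of shellcode / ROP entry */

/* Use-after-free: the object is released, attacker-controlled data of the same
 * size takes over its slot, and the stale pointer then calls through it.
 * Returns 1 if attacker_handler ran. */
static int uaf_vulnerable(void) {
    slab_reset();
    hijacked = 0;
    struct element *el = slab_alloc();
    el->on_use = benign_handler;
    strcpy(el->name, "div");

    slab_free(el);                          /* e.g. the node is removed from the DOM */

    handler_fn fake = attacker_handler;     /* constructed attacker payload */
    unsigned char *spray = slab_alloc();    /* lands in the slot `el` still points at */
    memcpy(spray, &fake, sizeof fake);

    el->on_use();                           /* stale pointer: runs attacker_handler */
    return hijacked;
}

/* Same sequence with the reference invalidated together with the object.
 * Returns 0: nothing is ever called through the cleared pointer. */
static int uaf_fixed(void) {
    slab_reset();
    hijacked = 0;
    struct element *el = slab_alloc();
    el->on_use = benign_handler;
    strcpy(el->name, "div");

    slab_free(el);
    el = NULL;

    handler_fn fake = attacker_handler;
    unsigned char *spray = slab_alloc();
    memcpy(spray, &fake, sizeof fake);

    if (el != NULL) el->on_use();
    return hijacked;
}

/* Out-of-bounds write: an oversized copy into `name` runs past slot 0 and
 * lands on the function pointer at the start of the neighbouring object in
 * slot 1. With checked != 0 the length is validated and the copy refused. */
static int oob_copy(int checked) {
    slab_reset();
    hijacked = 0;
    struct element *a = slab_alloc();       /* slot 0 */
    struct element *b = slab_alloc();       /* slot 1, immediately after */
    a->on_use = benign_handler;
    b->on_use = benign_handler;

    /* Constructed input: fills `name` to the end of slot 0, then one pointer. */
    unsigned char payload[SLOT_SIZE];
    size_t fill = sizeof a->name;
    size_t len = fill + sizeof(handler_fn);
    handler_fn fake = attacker_handler;
    memset(payload, 'A', fill);
    memcpy(payload + fill, &fake, sizeof fake);

    if (checked && len > sizeof a->name)
        return hijacked;                    /* rejected: length exceeds the field */
    memcpy((unsigned char *)a->name, payload, len);  /* unchecked: overwrites b->on_use */

    b->on_use();                            /* neighbour's pointer now attacker-controlled */
    return hijacked;
}

int main(void) {
    printf("use-after-free, vulnerable: hijacked=%d\n", uaf_vulnerable());
    printf("use-after-free, fixed:      hijacked=%d\n", uaf_fixed());
    printf("out-of-bounds write, unchecked: hijacked=%d\n", oob_copy(0));
    printf("out-of-bounds write, checked:   hijacked=%d\n", oob_copy(1));
    return 0;
}
```

The interesting part for an exploit writer is that neither bug needs the attacker to corrupt a pointer directly: the allocator and the object layout do that for them, which is why heap grooming (getting the right size reused at the right moment) is usually the first step of turning such a report into a working exploit.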

The full list of security related fixes is:

  • [112983] Low CVE-2011-3083: Browser crash with video + FTP. Credit to Aki Helin of OUSPG.
  • [113496] Low CVE-2011-3084: Load links from internal pages in their own process. Credit to Brett Wilson of the Chromium development community.
  • [118374] Medium CVE-2011-3085: UI corruption with long autofilled values. Credit to “psaldorn”.
  • [$1000] [118642] High CVE-2011-3086: Use-after-free with style element. Credit to Arthur Gerkis.
  • [118664] Low CVE-2011-3087: Incorrect window navigation. Credit to Charlie Reis of the Chromium development community.
  • [$500] [120648] Medium CVE-2011-3088: Out-of-bounds read in hairline drawing. Credit to Aki Helin of OUSPG.
  • [$1000] [120711] High CVE-2011-3089: Use-after-free in table handling. Credit to miaubiz.
  • [$500] [121223] Medium CVE-2011-3090: Race condition with workers. Credit to Arthur Gerkis.
  • [121734] High CVE-2011-3091: Use-after-free with indexed DB. Credit to Google Chrome Security Team (Inferno).
  • [$1000] [122337] High CVE-2011-3092: Invalid write in v8 regex. Credit to Christian Holler.
  • [$500] [122585] Medium CVE-2011-3093: Out-of-bounds read in glyph handling. Credit to miaubiz.
  • [122586] Medium CVE-2011-3094: Out-of-bounds read in Tibetan handling. Credit to miaubiz.
  • [$1000] [123481] High CVE-2011-3095: Out-of-bounds write in OGG container. Credit to Hannu Heikkinen.
  • [Linux only] [123530] Low CVE-2011-3096: Use-after-free in GTK omnibox handling. Credit to Arthur Gerkis.
  • [123733] [124182] High CVE-2011-3097: Out-of-bounds write in sampled functions with PDF. Credit to Kostya Serebryany of Google and Evgeniy Stepanov of Google.
  • [Windows only] [124216] Low CVE-2011-3098: Bad search path for Windows Media Player plug-in. Credit to Haifei Li of Microsoft and MSVR (MSVR:159).
  • [124479] High CVE-2011-3099: Use-after-free in PDF with corrupt font encoding name. Credit to Mateusz Jurczyk of Google Security Team and Gynvael Coldwind of Google Security Team.
  • [124652] Medium CVE-2011-3100: Out-of-bounds read drawing dash paths. Credit to Google Chrome Security Team (Inferno).

Note that Google may keep the referenced bug reports restricted until a majority of users have updated to the fixed version of Chrome.

For the astute amongst you, the above list has 18 bullet points, but CVE-2011-3097: “Out-of-bounds write in sampled functions with PDF” covers two bugs making it 19 fixes for Chrome 19!

In addition, Google released information on two bugs in components Chrome depends on but does not own (the Linux Nvidia driver and the libxml library) which affect the security of Chrome itself:

  • [Linux only] [$500] [118970] Medium CVE-2011-3101: Work around Linux Nvidia driver bug. Credit to Aki Helin of OUSPG.
  • [$1500] [125462] High CVE-2011-3102: Off-by-one out-of-bounds write in libxml. Credit to Jüri Aedla.

Finally, Google paid out over $9000 to researchers who found and reported security holes in Chrome 19 during its development cycle, on top of the bounties listed above.
