(LiveHacking.Com) – Google has released Chrome 20 (20.0.1132.43) for Windows, Mac, and Linux. In doing so it also paid out some $11500 in rewards to security researchers who found potential High risk security vulnerabilities in Chrome and its supporting libraries.
One securty researcher, who goes by the name of Miaubiz, stands out. In Chrome 20 he was awarded $7000 for his efforts in finding securty vulnerabilities in Chrome. The majority of the bugs found were use-after-free bugs which are often used by hackers to develop exploits. The list of Maiubiz’s bugs are:
- [$1000] [120222] High CVE-2012-2817: Use-after-free in table section handling.
- [$1000] [120944] High CVE-2012-2818: Use-after-free in counter layout.
- [$1000] [124356] High CVE-2012-2823: Use-after-free in SVG resource handling.
- [$1000] [125374] High CVE-2012-2824: Use-after-free in SVG painting.
- [$1000] [129947] High CVE-2012-2829: Use-after-free in first-letter handling.
- [$1000] [129951] High CVE-2012-2830: Wild pointer in array value setting.
- [$1000] [130356] High CVE-2012-2831: Use-after-free in SVG reference handling.
Only one other bug received a bounty reward from Chrome, an integer overflow in Matroska container:
- [$1000] [132779] High CVE-2012-2834: Integer overflow in Matroska container. Credit to Jüri Aedla.
The remaining bugs that were found and fixed didn’t get any bounty. This is because either they were discovered by Google themsleves or the low level severity of the bug didn’t warrant a payout:
- [118633] Low CVE-2012-2815: Leak of iframe fragment id. Credit to Elie Bursztein of Google.
- [Windows only] [119150] [119250] High CVE-2012-2816: Prevent sandboxed processes interfering with each other. Credit to Google Chrome Security Team (Justin Schuh).
- [120977] High CVE-2012-2819: Crash in texture handling. Credit to Ken “gets” Russell of the Chromium development community.
- [121926] Medium CVE-2012-2820: Out-of-bounds read in SVG filter handling. Credit to Atte Kettunen of OUSPG.
- [122925] Medium CVE-2012-2821: Autofill display problem. Credit to “simonbrown60”.
- [various] Medium CVE-2012-2822: Misc. lower severity OOB read issues in PDF. Credit to awesome ASAN and various Googlers (Kostya Serebryany, Evgeniy Stepanov, Mateusz Jurczyk, Gynvael Coldwind).
- [128688] Medium CVE-2012-2826: Out-of-bounds read in texture conversion. Credit to Google Chrome Security Team (Inferno).
- [Mac only] [129826] Low CVE-2012-2827: Use-after-free in Mac UI. Credit to the Chromium development community (Dharani Govindan).
- [129857] High CVE-2012-2828: Integer overflows in PDF. Credit to Mateusz Jurczyk of Google Security Team and Google Chrome Security Team (Chris Evans).
- [Windows only] [130276] Low CVE-2012-2764: Unqualified load of metro DLL. Credit to Moshe Zioni of Comsec Consulting.
- [131553] High CVE-2012-2832: Uninitialized pointer in PDF image codec. Credit to Mateusz Jurczyk of Google Security Team.
- [132156] High CVE-2012-2833: Buffer overflow in PDF JS API. Credit to Mateusz Jurczyk of Google Security Team.
Google, like all major software, uses a range of external libraries which are also used by other projects. Google paid out $3500 for issues with a wider scope than just Chrome:
Note that the referenced bugs are kept private until a majority of Chrome users are up to date with the fixes.
