May 17, 2020

Google Releases Chrome 13 with 30 Security Fixes Plus New Features Like Instant Pages

(LiveHacking.Com) – Google has released Chrome 13.0.782.107, which addresses multiple vulnerabilities. These vulnerabilities may allow an attacker to perform a cross-site scripting attack or to execute arbitrary code.

Security

Google gave out over $17,000 in rewards for this version, which is possibly the biggest total amount of cash paid out for any one version of Chrome to date.

Security fixes include:

  • [75821] Medium CVE-2011-2358: Always confirm an extension install via a browser dialog. Credit to Sergey Glazunov.
  • [$1000 each] [78841] High CVE-2011-2359: Stale pointer due to bad line box tracking in rendering. Credit to miaubiz and Martin Barbella.
  • [79266] Low CVE-2011-2360: Potential bypass of dangerous file prompt. Credit to kuzzcc.
  • [79426] Low CVE-2011-2361: Improve designation of strings in the basic auth dialog. Credit to kuzzcc.
  • [Linux only] [81307] Medium CVE-2011-2782: File permissions error with drag and drop. Credit to Evan Martin of the Chromium development community.
  • [83273] Medium CVE-2011-2783: Always confirm a developer mode NPAPI extension install via a browser dialog. Credit to Sergey Glazunov.
  • [83841] Low CVE-2011-2784: Local file path disclosure via GL program log. Credit to kuzzcc.
  • [84402] Low CVE-2011-2785: Sanitize the homepage URL in extensions. Credit to kuzzcc.
  • [84600] Low CVE-2011-2786: Make sure the speech input bubble is always on-screen. Credit to Olli Pettay of Mozilla.
  • [84805] Medium CVE-2011-2787: Browser crash due to GPU lock re-entrancy issue. Credit to kuzzcc.
  • [85559] Low CVE-2011-2788: Buffer overflow in inspector serialization. Credit to Mikołaj Małecki.
  • [$500 each] [85808] Medium CVE-2011-2789: Use after free in Pepper plug-in instantiation. Credit to Mario Gomes and kuzzcc.
  • [$1000] [86502] High CVE-2011-2790: Use-after-free with floating styles. Credit to miaubiz.
  • [$1000] [86900] High CVE-2011-2791: Out-of-bounds write in ICU. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences.
  • [$1000] [87148] High CVE-2011-2792: Use-after-free with float removal. Credit to miaubiz.
  • [$1000] [87227] High CVE-2011-2793: Use-after-free in media selectors. Credit to miaubiz.
  • [$500] [87298] Medium CVE-2011-2794: Out-of-bounds read in text iteration. Credit to miaubiz.
  • [$500] [87339] Medium CVE-2011-2795: Cross-frame function leak. Credit to Shih Wei-Long.
  • [87548] High CVE-2011-2796: Use-after-free in Skia. Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany of the Chromium development community.
  • [$1000] [87729] High CVE-2011-2797: Use-after-free in resource caching. Credit to miaubiz.
  • [87815] Low CVE-2011-2798: Prevent a couple of internal schemes from being web accessible. Credit to sirdarckcat of the Google Security Team.
  • [$1000] [87925] High CVE-2011-2799: Use-after-free in HTML range handling. Credit to miaubiz.
  • [$500] [88337] Medium CVE-2011-2800: Leak of client-side redirect target. Credit to Juho Nurminen.
  • [$1000] [88591] High CVE-2011-2802: v8 crash with const lookups. Credit to Christian Holler.
  • [88827] Medium CVE-2011-2803: Out-of-bounds read in Skia paths. Credit to Google Chrome Security Team (Inferno).
  • [$1000] [88846] High CVE-2011-2801: Use-after-free in frame loader. Credit to miaubiz.
  • [$1000] [88889] High CVE-2011-2818: Use-after-free in display box rendering. Credit to Martin Barbella.
  • [$500] [89142] High CVE-2011-2804: PDF crash with nested functions. Credit to Aki Helin of OUSPG.
  • [$1500] [89520] High CVE-2011-2805: Cross-origin script injection. Credit to Sergey Glazunov.
  • [$1500] [90222] High CVE-2011-2819: Cross-origin violation in base URI handling. Credit to Sergey Glazunov.

Note that the referenced bugs are kept private by Google until a majority of users are up to date with the fix.

New Features

Chrome 13 also includes Instant Pages, a new technology which pre-renders the top search result for you. When you click, the page loads instantly. Google have been working for years to develop their relevance technology, and they say they can fairly accurately predict when to pre-render a page.

To find out about other new features, check out the Official Chrome Blog.

Google Releases Chrome 12.0.742.112 to Close Security Holes

Google has released Chrome 12.0.742.112 to close six high-risk security holes (and a medium-risk out-of-bounds read in the NPAPI string handling). All of these latest vulnerabilities were found under the Chromium Security Reward programme and cost Google $6000. The release, which is out for Windows, Mac OS X and Linux, also contains an updated version of Adobe Flash.

The list of holes plugged is:

  • [$1000] [77493] Medium CVE-2011-2345: Out-of-bounds read in NPAPI string handling. Credit to Philippe Arteau.
  • [$1000] [84355] High CVE-2011-2346: Use-after-free in SVG font handling. Credit to miaubiz.
  • [$1000] [85003] High CVE-2011-2347: Memory corruption in CSS parsing. Credit to miaubiz.
  • [$500] [85102] High CVE-2011-2350: Lifetime and re-entrancy issues in the HTML parser. Credit to miaubiz.
  • [$500] [85177] High CVE-2011-2348: Bad bounds check in v8. Credit to Aki Helin of OUSPG.
  • [$1000] [85211] High CVE-2011-2351: Use-after-free with SVG use element. Credit to miaubiz.
  • [$1000] [85418] High CVE-2011-2349: Use-after-free in text selection. Credit to miaubiz.

The full list of changes is available in the SVN revision log. Note that the referenced bugs are kept private until a majority of Chrome users have updated.

Notable by his absence from the list was Sergey Glazunov, who has earned thousands of dollars from Google while making Chrome safer.

Chrome 12.0.742.112 is also available to download from google.com/chrome.

Google Releases Chrome 10.0.648.204 – Adds Password Manager on Linux

Google have updated the Chrome web browser to 10.0.648.204 for Windows, Mac and Linux. Included in this release is support for the password manager on Linux, performance and stability fixes, as well as important security fixes.

The security fixes address issues found mainly under the Chromium reward program, where hackers are rewarded for finding vulnerabilities in the web browser. Google paid out over $8500 to the hackers who found these problems:

  • [$500] [72517] High CVE-2011-1291: Buffer error in base string handling. Credit to Alex Turpin.
  • [$1000] [73216] High CVE-2011-1292: Use-after-free in the frame loader. Credit to Sławomir Błażek.
  • [$2000] [73595] High CVE-2011-1293: Use-after-free in HTMLCollection. Credit to Sergey Glazunov.
  • [$1500] [74562] High CVE-2011-1294: Stale pointer in CSS handling. Credit to Sergey Glazunov.
  • [$2000] [74991] High CVE-2011-1295: DOM tree corruption with broken node parentage. Credit to Sergey Glazunov.
  • [$1500] [75170] High CVE-2011-1296: Stale pointer in SVG text handling. Credit to Sergey Glazunov.

You may find that the links above don’t work for a few days, as Google restricts access to the fix details until “the majority of Chrome users have updated to the latest patched version.”