14 DAY TRIAL // Google has released a security update for its Chrome browser in order to address many security vulnerabilities, including a rare critical one.
The new Chrome 13.0.782.215 version fixes a total number of 11 security flaws, nine of which are rated as high severity, one medium and one critical.
Three of the patched vulnerabilities were not rewarded through Google's Chromium Security Rewards program.
Two of them, a use-after-free flaw in line box handling (CVE-2011-2823) and an out-of-bounds memory write in the v8 JavaScript engine (CVE-2011-2828), were discovered by SkyLined of the Google Chrome Security Team.
CVE-2011-2823 was also independently discovered by miaubiz, a regular Chrome security contributor. The researcher is also credited with discovering the third unrewarded vulnerability, a use-after-free with custom fonts (CVE-2011-2825).
Wushi of team509 also reported it through the Zero Day Initiative (ZDI) program in advance, therefore spoiling the chances of any reward.
Nevertheless, miaubiz earned $2,000 in this release, for two high-severity user-after-free vulnerabilities in counter nodes (CVE-2011-2824) and text searching (CVE-2011-2827).
Sergey Glazunov, the highest paid researcher through the Chrome security bounty program so far, also earned $2,500 for a cross-origin violation with empty origins (CVE-2011-2826) and a 32-bit only integer overflow in uniform arrays (CVE-2011-2829).
Michael Braithwaite of Turbulenz Limited received the special $1,337 (leet) reward for a Windows only memory corruption vulnerability in vertex handing. This flaw is rated as critical, which, thanks to its native sandbox, is a rare occurrence in Google Chrome.
Vladimir Vorontsov of ONsec received $1,000 for a medium-impact URL parsing confusion on the command line (CVE-2011-2822), Yang Dingning from NCNIPC $1,000 for a double-free vulnerability in libxml XPath handling (CVE-2011-2821), and Aki Helin of OUSPG $1,000 for a bug in the PDF memset() function (CVE-2011-2839).
The latest version Google Chrome for Windows can be downloaded from here. The latest version Google Chrome for Linux can be downloaded from here. The latest version Google Chrome for Mac can be downloaded from here.