14 High Severity Vulnerabilities Fixed in Chrome Stable 17.0.963.65

Wanting to make sure that its web browser is one of the safest on the market, Google released a new variant of Chrome Stable 17 to address some important vulnerabilities that may have affected the safety of users.

Chrome Stable 17.0.963.65 addresses a number of 14 high-severity flaws which include use-after-free issues in the v8 element wrapper, in SVG value handling, in SVG document handling, in SVG use handling, in multi-column handling, in quote handling, in flexbox with floats, in class attribute handling, in table section handling, and with SVG animation elements.

Other security holes include an out-of-bounds read in text handling, bad casts in anonymous block splitting and in-line box handling, and a buffer overflow in the Skia drawing library.

The use-after-free in the v8 element wrapping vulnerability was identified by Chamal de Silva, the researcher being rewarded with $1,000 (750 EUR) for his contribution to Chrome’s security.

The other weaknesses were reported by miaubiz, Arthur Gerkis, and Aki Helin of OUSPG. Besides the rewards they were given for finding the individual bugs, the experts were awarded by Google with an extra $10,000 (7,500 EUR) each, for their contributions in the past months.

“We have always reserved the right to arbitrarily reward sustained, extraordinary contributions. In this instance, we’re dropping a surprise bonus,” Google informs.

“We reserve the right to do so again and reserve the right to do so on a more regular basis! Chrome has a leading reputation for security and it wouldn’t be possible without the aggressive bug hunting of the wider community.”

In order to avoid any unfortunate situations, Chrome users are advised to update to the latest variant.


No comments:

Post a Comment

Note: Only a member of this blog may post a comment.