Google Addresses 9 Security Holes in Chrome 18

A total of 9 vulnerabilities were resolved by Google with the release of the new stable variant of the Chrome web browser.

It turns out that some of the security holes that were addressed in Chrome 18 rely on the studies performed by the company during the Pwnium competition.

So what was fixed?

In the high severity category we have a memory corruption in Skia, a use-after-free issue in SVG clipping and an off-by-one flaw in the OpenType Sanitizer.

The medium severity vulnerabilities include a bad interaction that may have led to a cross-site scripting (XSS) in EUC-JP, a checking error in the SPDY proxy certificate, and invalid read in V8, and a couple of out-of-bounds read problems in SVG text handling and in text fragmentation handling.

The low severity issue was addressed in Chrome 18 by more carefully validating the navigation requests from the renderer.

The identification of the high severity security holes was rewarded by Google with $2,000 (1,500 EUR) and the medium severity weaknesses with another $2,000 (1,500 EUR).

The list of experts credited for the discovery of the flaws includes Masato Kinugawa, Arthur Gerkis. Miaubiz, Leonidas Kontothanassis of Google, Mateusz Jurczyk of the Google Security Team, kuzzcc, Sergey Glazunov, PinkiePie, scarybeasts, Atte Kettunen of OUSPG, Christian Holler and Omair.

Bonuses were also awarded to some of the researchers for their awesomeness.

“We’d also like to thank miaubiz, Chamal de Silva, Atte Kettunen of OUSPG, Aki Helin of OUSPG and Arthur Gerkis for working with us during the development cycle and preventing security regressions from ever reaching the stable channel. $8000 of additional rewards were issued for this awesomeness,” Karen Grunberg of Google Chrome wrote.

This being said, users should check out the links bellow and download the latest stable variant of Chrome to ensure that their browsers are properly patched up.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.