The latest stable version of the popular Google Chrome web browser has been updated to version 17.0.963.56 to address a total of 13 security holes, 7 of which were considered to be high risk.
These high-risk vulnerabilities include an integer overflow in PDF codecs, a possible use-after-free in database handling, a heap overflow in path rendering, a heap buffer overflow in MKV handling, a use-after-free issue in subframe loading, an integer overflow in libpng, and a bad cast in column handling.
The individuals who contributed to these findings were awarded a total of $5,337 (3,735 EUR).
The identification of the 5 medium-severity vulnerabilities was rewarded by Google with $1,500 (1,050 EUR). These weaknesses include a read-after-free with counter nodes, a native client validator error, the inappropriate use of HTTP for translation scripts, a use-after-free issue with drag and drop, and an out-of-bounds read in H.264 parsing.
The low-risk security hole, identified by chrometot, is a browser crash with empty X.509 certificates.
Other contributors include Jüri Aedla, Sławomir Błażek, pa_kt, Arthur Gerkis, Aki Helin of OUSPG, and miaubiz. Scarybeasts from the Google Chrome Security Team and Mateusz Jurczyk of the Google Security Team also contributed.
Chrome 17.0.963.56 for Windows, Mac, Linux and Chrome Frame also includes a new version of Flash, released to address a number of vulnerabilities, including a cross-site scripting (XSS) flaw that is currently being exploited.