
CHROME UPDATE: FLAWS FIXED, BUT ‘ZEUS’ CONFUSION PERSISTS

October 5, 2011

Google has released yet another update for Chrome, version 14.0.835.202. It is a stable channel update for all supported platforms that covers maintenance and security issues, includes the new Flash Player 11 release, and addresses a number of vulnerabilities.

Google rated a memory corruption problem in the shader translator as ‘critical’, and it has been fixed. The other holes that were closed include eight ‘high-risk’ bugs, ranging from lifetime and threading issues in audio node handling, a use-after-free error in text line box handling and stale fonts in text handling, to a cross-origin problem and use-after-free and memory corruption flaws in V8, the browser’s JavaScript engine.

It was also noted that Google was still working on bringing the fix for the SSL/TLS vulnerability from the development version into the stable branch.

Like many bug bounty programs, Google runs its own Chromium Security Reward program, under which the search engine giant paid out a total of $10,000 to security researchers for reporting these vulnerabilities.

The details provided about the vulnerabilities are as follows:

  • [$1000] High CVE-2011-2876: Use-after-free in text line box handling. Credit to miaubiz.

  • [$1000] High CVE-2011-2877: Stale font in SVG text handling. Credit to miaubiz.

  • [$2000] High CVE-2011-2878: Inappropriate cross-origin access to the window prototype. Credit to Sergey Glazunov.

  • [96150] High CVE-2011-2879: Lifetime and threading issues in audio node handling. Credit to Google Chrome Security Team (Inferno).

  • [$4500] High CVE-2011-2880: Use-after-free in the v8 bindings. Credit to Sergey Glazunov.

  • [$1500] High CVE-2011-2881: Memory corruption with v8 hidden objects. Credit to Sergey Glazunov.

  • [98089] Critical CVE-2011-3873: Memory corruption in shader translator. Credit to Zhenyao Mo of the Chromium development community.

However, no further details on the vulnerabilities were given; Google noted that they would be withheld until “a majority of users are up-to-date with the fix”.

Chrome’s latest version is available for download for Windows, Mac OS X and Linux from google.com/chrome. Users who already have Chrome installed on their desktops or laptops can use the built-in update function by clicking Tools, selecting About Google Chrome and clicking the Update button.

In a related development, Microsoft has been causing trouble for Chrome users: its Security Essentials and Forefront security products have been blocking copies of the Google Chrome browser after labeling it a “severe” threat. In some cases, the copies were deleted too. Chrome was flagged as a threat because it was confused with Zeus, one of the world’s best-known crimeware packs. However, an emergency update to address this was released on Friday.

Microsoft believes that the abnormal behavior ended within a few hours of it frustrating Chrome users, but it later became known that the issue was still not resolved: a user posted that after reinstalling Chrome multiple times, he had to temporarily give up as MSE kept nuking it. He continued, “I finally just removed it and am using Firefox right now. Hopefully they can fix this soon.”
