Google Fixes Serious Flaws in Chrome, Including Critical Safe Browsing Bug

Google has fixed several serious vulnerabilities in its Chrome browser, including a critical use-after-free flaw in the Safe Browsing navigation. The company paid out its highest bug bounty of $3133.70 for that bug.

Among the other vulnerabilities Google fixed were four high-severity ones, including two other use-after-free vulnerabilities. Three of those other flaws earned $1,000 rewards for the researchers who reported them. The other one was reported through TippingPoint's Zero Day Initiative.

The full list of vulnerabilities fixed in Chrome 16.0.912.77 includes:

• [$1000] [106484] High CVE-2011-3924: Use-after-free in DOM selections. Credit to Arthur Gerkis.
• [$3133.7] [107182] Critical CVE-2011-3925: Use-after-free in Safe Browsing navigation. Credit to Chamal de Silva. *
• [108461] High CVE-2011-3928: Use-after-free in DOM handling. Credit to wushi of team509 reported through ZDI (ZDI-CAN-1415).
• [$1000] [108605] High CVE-2011-3927: Uninitialized value in Skia. Credit to miaubiz.
• [$1000] [109556] High CVE-2011-3926: Heap-buffer-overflow in tree builder. Credit to Arthur Gerkis.

The use-after-free flaw in the Safe Browsing navigation actually was fixed in a previous version of Chrome, but Google officials forgot to include it in the release notes at that point.

Commenting on this Article is closed.