Google Releases Chrome 16.0.912.77
US-Cert has just distributed a notification about the release of Chrome 16.0.912.77 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities.
The vulnerabilities may allow an attacker to execute arbitrary code or
cause a denial-of-service condition.
Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
- [$1000] [106484] High CVE-2011-3924: Use-after-free in DOM selections. Credit to Arthur Gerkis.
- [$3133.7] [107182] Critical CVE-2011-3925: Use-after-free in Safe Browsing navigation. Credit to Chamal de Silva. *
- [108461] High CVE-2011-3928: Use-after-free in DOM handling. Credit to wushi of team509 reported through ZDI (ZDI-CAN-1415).
- [$1000] [108605] High CVE-2011-3927: Uninitialized value in Skia. Credit to miaubiz.
- [$1000] [109556] High CVE-2011-3926: Heap-buffer-overflow in tree builder. Credit to Arthur Gerkis.
The bugs 106484, 107182, 108461, and 109556 were detected using AddressSanitizer.
* Bug 107182 was fixed in 16.0.912.75 but accidentally excluded from the release notes.
More information can be retrieved from the Google Chrome Release blog entry and update to Chrome 16.0.912.77.
Leave a Reply
Want to join the discussion?Feel free to contribute!