Sign in with
Sign up | Sign in

Google Patches High-Risk Vulnerabilities in Chrome

By - Source: Google | B 7 comments

Google updated its stable Chrome browser with a new version that includes three major security fixes.

Version 23.0.1271.91 patches vulnerabilities that affect a corrupt rendering in the Apple OS X driver for Intel GPUs, a buffer underflow in libxml, as well as a high-risk use-after-free in SVG filters bug.

Additional security fixes cover an out-of-bounds read in Skia, a use-after-free bug printing bug, a bad cast in input element handling, and a browser crash issue. Google paid a total of $2,500 in external bug rewards. In addition to the security problems, the new Chrome version also patches a problem that resulted in no audio from Flash content when the speaker configuration is set to quadraphonic, and a renderer crash on Windows Server 2003.

Google released the new browser version for Windows, Mac, Linux, and ChromeFrame platforms.

 

Contact Us for News Tips, Corrections and Feedback

Display 7 Comments.
This thread is closed for comments
  • 1 Hide
    A Bad Day , November 28, 2012 3:04 AM
    Certain software companies:

    "Shh, if we don't say anything and prevent others from doing the same, then we don't have to do anything..."
  • -5 Hide
    Pennanen , November 28, 2012 3:57 AM
    I didnt know a botnet could have security vulnerabilities.
  • -4 Hide
    Pherule , November 28, 2012 7:51 AM
    PennanenI didnt know a botnet could have security vulnerabilities.

    My thoughts exactly. Chrome users should consider switching to Comodo Dragon. It's Chrome without the botnet.
  • 4 Hide
    mouse24 , November 28, 2012 8:48 AM
    PennanenI didnt know a botnet could have security vulnerabilities.

    PheruleMy thoughts exactly. Chrome users should consider switching to Comodo Dragon. It's Chrome without the botnet.


    Do you guys even know what a botnet is? I don't think you do.

  • -1 Hide
    ushyperion , November 28, 2012 1:00 PM
    mouse24Do you guys even know what a botnet is? I don't think you do.


    I agree on you.
  • 0 Hide
    Pherule , November 28, 2012 2:59 PM
    mouse24Do you guys even know what a botnet is? I don't think you do.

    Do YOU know what a botnet is? I don't think YOU do. Pic related:

    http://i.imgur.com/lHshj.png
  • 0 Hide
    dotaloc , November 29, 2012 2:34 PM
    PheruleDo YOU know what a botnet is? I don't think YOU do. Pic related:http://i.imgur.com/lHshj.png


    "A botnet is a collection of internet-connected computers whose security defenses have been breached and control ceded to a malicious party. [...]The controller of a botnet is able to direct the activities of these compromised computers." [wikipedia: botnet]

    Oh! An infographic? My bad...you must be correct.

    Seriously, though, botnet seems to be a gross generalization for this scenario.

    1) It is not widely accepted that Google is malicious. Presumably, users (intentional users, anyway) do not think Google is bad or they'd be using an alternate browser.
    2) The "ceded control" is certainly minimal and, in large, required to perform some of the services many users find invaluable (history/tab/password syncing ... faster page rendering due to proactive query assumption).
    3) Google has not demonstrated the ability to "direct the activities" of these "bots," to my knowledge. At least in the general sense of the term.

    That said, just like steam...I use chrome and enjoy it, but we do have to make sure they don't overstep their bounds!