Google Patches High-Risk Vulnerabilities in Chrome

By Wolfgang Gruener
published

Google updated its stable Chrome browser with a new version that includes three major security fixes.

Version 23.0.1271.91 patches vulnerabilities that affect a corrupt rendering in the Apple OS X driver for Intel GPUs, a buffer underflow in libxml, as well as a high-risk use-after-free in SVG filters bug.

Additional security fixes cover an out-of-bounds read in Skia, a use-after-free bug printing bug, a bad cast in input element handling, and a browser crash issue. Google paid a total of $2,500 in external bug rewards. In addition to the security problems, the new Chrome version also patches a problem that resulted in no audio from Flash content when the speaker configuration is set to quadraphonic, and a renderer crash on Windows Server 2003.

Google released the new browser version for Windows, Mac, Linux, and ChromeFrame platforms.

Contact Us for News Tips, Corrections and Feedback

Wolfgang Gruener
7 Comments Comment from the forums
  • A Bad Day
    Certain software companies:

    "Shh, if we don't say anything and prevent others from doing the same, then we don't have to do anything..."
    Reply
  • Pennanen
    I didnt know a botnet could have security vulnerabilities.
    Reply
  • Pherule
    PennanenI didnt know a botnet could have security vulnerabilities.My thoughts exactly. Chrome users should consider switching to Comodo Dragon. It's Chrome without the botnet.
    Reply
  • mouse24
    PennanenI didnt know a botnet could have security vulnerabilities.PheruleMy thoughts exactly. Chrome users should consider switching to Comodo Dragon. It's Chrome without the botnet.
    Do you guys even know what a botnet is? I don't think you do.

    Reply
  • ushyperion
    mouse24Do you guys even know what a botnet is? I don't think you do.
    I agree on you.
    Reply
  • Pherule
    mouse24Do you guys even know what a botnet is? I don't think you do.Do YOU know what a botnet is? I don't think YOU do. Pic related:

    http://i.imgur.com/lHshj.png
    Reply
  • dotaloc
    PheruleDo YOU know what a botnet is? I don't think YOU do. Pic related:http://i.imgur.com/lHshj.png
    "A botnet is a collection of internet-connected computers whose security defenses have been breached and control ceded to a malicious party. The controller of a botnet is able to direct the activities of these compromised computers."
    Oh! An infographic? My bad...you must be correct.

    Seriously, though, botnet seems to be a gross generalization for this scenario.

    1) It is not widely accepted that Google is malicious. Presumably, users (intentional users, anyway) do not think Google is bad or they'd be using an alternate browser.
    2) The "ceded control" is certainly minimal and, in large, required to perform some of the services many users find invaluable (history/tab/password syncing ... faster page rendering due to proactive query assumption).
    3) Google has not demonstrated the ability to "direct the activities" of these "bots," to my knowledge. At least in the general sense of the term.

    That said, just like steam...I use chrome and enjoy it, but we do have to make sure they don't overstep their bounds!
    Reply