
Chrome 18 release fixes bug competition finds


err0r


It was the Pwnium competition held by Google that revealed the bugs that the newest release of Google’s Chrome web browser, version 18, fixes. This version has been released today to the public in its first stable release, and includes notes to the effect of congratulating the participants of the Pwnium competition for their hard work and great contributions to the Chrome project. The Chromium security page has full details of what this update is all about; meanwhile, let’s have a look at some simplified details below!

 

The following list includes prize money as well as numbered fixes that were made in the Pwnium contest this past Pwnium season. Google’s Chrome team has opened their pocketbook again and found that, surprise, developers and hackers alike do indeed enjoy finding exploits, especially when there’s cash involved. Check the dollar bills!

  • [$500] [109574] Medium CVE-2011-3058: Bad interaction possibly leading to XSS in EUC-JP. Credit to Masato Kinugawa.
  • [$500] [112317] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling. Credit to Arthur Gerkis.
  • [$500] [114056] Medium CVE-2011-3060: Out-of-bounds read in text fragment handling. Credit to miaubiz.
  • [116398] Medium CVE-2011-3061: SPDY proxy certificate checking error. Credit to Leonidas Kontothanassis of Google.
  • [116524] High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to Mateusz Jurczyk of the Google Security Team.
  • [117417] Low CVE-2011-3063: Validate navigation requests from the renderer more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie and scarybeasts (Google Chrome Security Team).
  • [$1000] [117471] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to Atte Kettunen of OUSPG.
  • [$1000] [117588] High CVE-2011-3065: Memory corruption in Skia. Credit to Omair.
  • [$500] [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian Holler.

The three fixes you see there without monetary amounts belong to the entity known as AddressSanitizer – with, again, help from the Google Chrome security team. No robot shall be left to stand alone! Also there were $8,000 USD more distributed amongst coders at the events leading up to this release, so high fives for you all!

Source: SlashGear
