Google Inc. patched its Chrome browser yesterday in a stable channel update, closing a total of thirteen security holes and bringing the browser version up to 19.0.1084.52 on all supported platforms (Windows, Linux and Mac OS X). In all, the update fixes two vulnerabilities rated critical on the common vulnerability scoring system (CVSS), nine high and two medium rated.
Of the two critical bugs, the first involves browser memory corruption with websockets over SSL. The second is a use-after-free bug in Chrome’s browser cache. A majority of the bug fixes involve Chrome’s memory handling. In addition to the two critical-rated bugs, many of the high-rated vulnerabilities are also caused by out-of-bounds reads, use-after-free errors, buffer overflows and memory corruption.
The high rated vulnerabilities include:
- CVE-2011-3103: Chrome crashes in v8 garbage collection
- CVE-2011-3105: Use-after-free in first-letter handling
- CVE-2011-3109: Bad cast in GTK UI
- CVE-2011-3110: Out of bounds writes in PDF
- CVE-2011-3112: Use-after-free with invalid encrypted PDF
- CVE-2011-3113: Invalid cast with colorspace handling in PDF
- CVE-2011-3114: Buffer overflows with PDF functions
- CVE-2011-3115: Type corruption in v8
The medium-rated bugs include CVE-2011-3104, an out-of-bounds read in Skia, and CVE-2011-3111, an invalid read in v8, according to Google.
The details of the referenced bugs have been withheld to prevent exploits in the wild before users get a chance to patch their browsers. A full list of changes is available on the SVN revision blog. More details can be found on the Chromium security page. Updates are available through the Chrome auto-updater, or as a full download from the Chrome homepage.