Jump to content

Chrome 17 update fixes high-risk vulnerabilities


anuseems

Recommended Posts

Google has released version 17.0.963.83 of its Chrome web browser, a maintenance update that fixes issues with Flash games and closes several security holes. The Stable channel update addresses a total of nine vulnerabilities, six of which are rated as "high severity".

These include an integer issue in libpng (the official PNG reference library), a memory corruption problem in WebGL canvas handling and a cross-origin violation related to "magic iframe", as well as use-after-free errors in first-letter handling, CSS cross-fade handling and block splitting. One medium-risk invalid read in the V8 JavaScript engine and two low-risk problems related to WebUI privileges and unpacked extension installation have also been fixed.

As part of its Chromium Security Vulnerability Rewards programme, Google paid security researchers $5,500 for discovering and reporting the holes. Additional details about the vulnerabilities are being withheld until "a majority of users are up-to-date with the fix". The developers also note that a low severity issue related to the extension web request API was fixed in a previous release but was not properly credited.

Further information about the update can be found in a post on the Google Chrome Releases blog. Chrome 17.0.963.83 is available to download from google.com/chrome for Windows, Mac OS X and Linux; alternatively, existing users can upgrade using the built-in update function.

Link to comment
Share on other sites

  • Replies 0
  • Views 767
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...