Hackers about hacking techniques in our IT Security Magazine

Google Chrome 15 fixes 27 security flaws

Google’s bug bounties is certainly working. Security researchers have identified over 27 flaws in Google Chrome – one researcher Sergey Glazunov found a number of flaws earning him a respectable $12.174 for five high impact flaws in what Google calls ‘cross-origin-policy violations’. Good work Sergey!

Other high impact flaws fixed in Chrome 15 include:

CVE-2011-2845: URL bar spoof in history handling
CVE-2011-3882: Use-after-free in media buffer handling
CVE-2011-3883: Use-after-free in counter handling.
CVE-2011-3884: Timing issues in DOM traversal.
CVE-2011-3885: Stale style bugs leading to use-after-free.
CVE-2011-3886: Out of bounds writes in v8.
CVE-2011-3888: Use-after-free with plug-in and editing.
CVE-2011-3889: Heap overflow in Web Audio.
CVE-2011-3890: Use-after-free in video source handling
CVE-2011-3891: Exposure of internal v8 functions.

In addition to the identified flaws, Chrome 15 also provides new mitigation to help protect against the SSL BEAST attack. SSL BEAST takes advantage of known flaws in the TSL 1.0 implementation of SSL. For more information check out the Google Chrome Releases blog.

October 27, 2011

0 Responses on Google Chrome 15 fixes 27 security flaws"

Add Comment Register



Leave a Message

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>