News
Google Releases Security Update for Chrome
Google today has released Chrome version 11.0.696.71 which fixes four vulnerabilities in its browser.
Two of the vulnerabilities, deemed "critical," relate to a memory corruption error in the GPU command buffer and an out-of-bounds write issue in blob handling. They were discovered by Google's internal security engineers.
A third vulnerability, labeled "high," related to a bug in code that handles dynamic memory. This "stale pointer" vulnerability could lead to data transfer when aliases are created for allocated memory. Martin Barbella, a researcher not associated with Google, discovered the flaw and was awarded $1,000 as part of the company's Chromium security program.
The final vulnerability fix, categorized as "low," patches an issue that can cause a bug to bypass the popup blocker.
While the holes have been outlined by Google, details of each problem and patch are being withheld until a majority of Chrome users have updated. Today's patch marks the second security update this month to Chrome's "stable" build.
The release of today's updated browser does not fix a zero-day sandbox vulnerability that a French security research team, Vupen, had announced it had discovered earlier in the month. Aside from a handful of Google engineers taking to Twitter to blame the hole on Adobe's Flash software, the company has yet to publicly comment on the issue, besides a statement saying it was unable to investigate the claim due to the fact that Vupen would not share the information outside its paying clients. Â
Google Chrome, version 11.0.696.71 can be downloaded here.