Chrome 18 Release Fixes Bug Competition Finds

It was the Pwnium competition held by Google that revealed the bugs that the newest release of Google's Chrome web browser version 18. This version has been release today to the public in its first stable release, and includes notes to the effect of congratulating the participants of the Pwnium competition for their hard work and great contributions to the Chrome project. The Chromium security page has full details of what this update is all about, meanwhile let's have a look at some simplified details below!

The following list includes prize money as well as numbered fixes that were made in the Pwnium contest this past Pwnium season. Google's Chrome team has opened their pocketbook again and found that, surprise, developers and hackers alike do indeed enjoy finding exploits, especially when there's cash involved. Check the dollar bills!

[$500] [109574] Medium CVE-2011-3058: Bad interaction possibly leading to XSS in EUC-JP. Credit to Masato Kinugawa.

[$500] [112317] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling. Credit to Arthur Gerkis.

[$500] [114056] Medium CVE-2011-3060: Out-of-bounds read in text fragment handling. Credit to miaubiz.

[116398] Medium CVE-2011-3061: SPDY proxy certificate checking error. Credit to Leonidas Kontothanassis of Google.

[116524] High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to Mateusz Jurczyk of the Google Security Team.

[117417] Low CVE-2011-3063: Validate navigation requests from the renderer more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie and scarybeasts (Google Chrome Security Team).

[$1000] [117471] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to Atte Kettunen of OUSPG.

[$1000] [117588] High CVE-2011-3065: Memory corruption in Skia. Credit to Omair.

[$500] [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian Holler.

The three fixes you see there without monetary amounts belong to the entity known as AddressSantitizer – with again, help from the Google Chrome security team. No robot shall be left to stand alone! Also there were $8,000 USD more distributed amongst coders at the events leading up to this release, so high fives for you all!

You can download the new version of Google Chrome now via this link: [GOOGLE CHROME 18 DOWNLOAD HERE] and know this as well: it contains the new Adobe Flash release as well. Upgrades for everyone!