Google releases Chrome security fixes, still mum on flaw details

Google has released a updated version of its Chrome browser that fixes four vulnerabilities.

Two of the vulnerabilities, deemed "critical," relate to a memory corruption error in the GPU command buffer and an out-of-bounds write issue in blob handling. They were discovered by Google's internal security engineers.

A third vulnerability, labeled "high," related to a bug in code that handles dynamic memory. This "stale pointer" vulnerability could lead to data transfer when aliases are created for allocated memory. Martin Barbella, a researcher not associated with Google, discovered the flaw and was awarded $1,000 as part of the company's Chromium security program.


Related stories:

Google Chrome browser pwned, says security firm

Google Chrome triumphs in hacker challenge


The final vulnerability fix, categorized as "low," patches an issue that can cause a bug to bypass the popup blocker.

While the holes have been outlined by Google, details of each problem and patch are being withheld until a majority of Chrome users have updated. The patch marks the second security update this month to Chrome's "stable" build.

The release of the updated browser does not fix a zero-day sandbox vulnerability that a French security research team, Vupen, had announced it had discovered earlier in the month. Aside from a handful of Google engineers taking to Twitter to blame the hole on Adobe's Flash software, the company has yet to publicly comment on the issue, besides a statement saying it was unable to investigate the claim due to the fact that Vupen would not share the information outside its paying clients.  

Google Chrome, version 11.0.696.71 can be downloaded here.

About the Author

Chris Paoli is the associate Web editor for 1105 Enterprise Computing Group's Web sites, including Redmondmag.com, RCPmag.com, ADTmag.com and VirtualizationReview.com.

inside gcn

  • digital key (wavebreakmedia/Shutterstock.com)

    Encryption management in government hyperconverged IT networks

Reader Comments

Fri, May 27, 2011 md1618

I got the latest version of Google Chrome, but when I go to Twitter, all that shows is a blank page?! Back to Avant browser AGAIN.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group