ID: IRCNE2012021409
Date: 2012-02-18
According to "techworld", Google released a new version of its Chrome browser in order to update the bundled Flash Player plug-in and address serious security vulnerabilities.
Google Chrome 17.0.963.56 fixes 12 security flaws, seven of which are considered high severity, four of medium severity and one of low severity.
Security researcher Jüri Aedla received a special $1,337 reward for discovering and reporting an integer overflow vulnerability in libpng, the library used by Chrome to process PNG images.
Other high-severity flaws were identified in the browser's PDF codecs, its subframe loading, h.264 parsing and path rendering components, as well as its MKV, database, column and counter node handling code.
In theory these vulnerabilities should be considered critical because they could facilitate the remote execution of arbitrary code on the targeted systems.
However, because Google Chrome has a sandboxed architecture, exploiting these vulnerabilities alone would not provide attackers with the necessary level of access to run malicious code.
Chrome 17.0.963.56 also includes a new Flash Player version that Adobe released earlier this week, Kersey said. The Flash Player update addresses seven critical security flaws.
Related links:
Critical update for Flash Player
- 2