On Tuesday, Google announced and released a stable version of Chrome 15.0.874.102 with fixes for more than two dozen of vulnerabilities. The Chrome team also implemented a defence against the BEAST SSL attack. There were 11 high-severity flaws, including URL bar spoof in history handling, various use-after-free issues, heap overflow in Web Audio, and cross-origin policy violations, which were fixed in the new version.
One of the major flaw that was fixed was the implementation of a defence against the BEAST SSL attack. The attack developed by Juliano Rizzo and Thai Duong, basically enabled users to decrypt client requests on the fly and gain access to confidential sessions with sensitive sites such as online banking, e-commerce and payment sites.
“Although Chrome is not directly affected by the attack, the NSS network library was updated to include a defence against so-called BEAST. This defence may expose bugs in Brocade hardware. Brocade is working on the issue,”
Here’s the full list of bugs fixed in Chrome 15.0.874.102:
- [$500] High CVE-2011-2845: URL bar spoof in history handling. Credit to Jordi Chancel.
- Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs. Credit to Jordi Chancel.
- Low CVE-2011-3876: Avoid stripping whitespace at the end of download filenames. Credit to Marc Novak.
- Low CVE-2011-3877: XSS in appcache internals page. Credit to Google Chrome Security Team (Tom Sepez) plus independent discovery by Juho Nurminen.
- Medium CVE-2011-3878: Race condition in worker process initialization. Credit to miaubiz.
- Low CVE-2011-3879: Avoid redirect to chrome scheme URIs. Credit to Masato Kinugawa.
- Low CVE-2011-3880: Don’t permit as a HTTP header delimiter. Credit to Vladimir Vorontsov, ONsec company.
- [$12174] High CVE-2011-3881: Cross-origin policy violations. Credit to Sergey Glazunov.
- High CVE-2011-3882: Use-after-free in media buffer handling. Credit to Google Chrome Security Team (Inferno).
- [$1000] High CVE-2011-3883: Use-after-free in counter handling. Credit to miaubiz.
- High CVE-2011-3884: Timing issues in DOM traversal. Credit to Brian Ryner of the Chromium development community.
- [$6337] High CVE-2011-3885: Stale style bugs leading to use-after-free. Credit to miaubiz.
- [$2000] High CVE-2011-3886: Out of bounds writes in v8. Credit to Christian Holler.
- [$1000] High CVE-2011-3888: Use-after-free with plug-in and editing. Credit to miaubiz.
- [$2000] High CVE-2011-3889: Heap overflow in Web Audio. Credit to miaubiz.
- High CVE-2011-3890: Use-after-free in video source handling. Credit to Ami Fischman of the Chromium development community.
- High CVE-2011-3891: Exposure of internal v8 functions. Credit to Steven Keuchel of the Chromium development community plus independent discovery by Daniel Divricean.
As a part of the bug bounty program, Google paid more than $26,000 in rewards to several security researchers who found bugs and reported them to Google. SÅ‚awomir BÅ‚aÅ¼ek and Aki Helin of OUSPG were among those who reported some serious bugs and also helped Google to resolve the issues. The highest bug bounty reward was awarded to Sergey Glazunov for bugs related to cross-origin policy violations. Google paid him around $12,174 for his efforts.
Apart from the issues and bugs, Google included new features in Chrome 15, such as a redesigned New Tab page. The revamped tab page now separates Chrome apps and the most-visited websites. They can be accessed using the arrows on the right and left, or from the bottom of the page that has the options – Most-visited, Apps and Bookmarks. You can find the Recently Closedwebsite option on the bottom-left of the page.