Google Chrome Stable Security Update to Version 11 - gHacks Tech News

Google Chrome Stable Security Update to Version 11

Google has just updated the Google Chrome Stable channel to version 11. This is a landmark considering that the stable branch of the browser is now sharing the "highest-browser-version-crown" with Opera Software's Opera browser.

More important than the version bump to 11 are the security updates that have been implemented in the browser. A total of 25 different security issues have been resolved in Google Chrome 11.

Of those, 16 have received a severity rating of high, the second highest. A further six have received a rating of medium and the remaining three one of low. No security issue has been rated as critical, the highest available rating for security vulnerabilities.

Several of the security vulnerabilities are affecting only the Macintosh or Linux versions of Chrome.

  • [61502] High CVE-2011-1303: Stale pointer in floating object handling.
  • [70538] Low CVE-2011-1304: Pop-up block bypass via plug-ins.
  • [Linux / Mac only] [70589] Medium CVE-2011-1305: Linked-list race in database handling.
  • [71586] Medium CVE-2011-1434: Lack of thread safety in MIME handling.
  • [72523] Medium CVE-2011-1435: Bad extension with ‘tabs’ permission can capture local files.
  • [Linux only] [72910] Low CVE-2011-1436: Possible browser crash due to bad interaction with X.
  • [73526] High CVE-2011-1437: Integer overflows in float rendering.
  • [74653] High CVE-2011-1438: Same origin policy violation with blobs.
  • [Linux only] [74763] High CVE-2011-1439: Prevent interference between renderer processes.
  • [75186] High CVE-2011-1440: Use-after-free with tag and CSS.
  • [75347] High CVE-2011-1441: Bad cast with floating select lists.
  • [75801] High CVE-2011-1442: Corrupt node trees with mutation events.
  • [76001] High CVE-2011-1443: Stale pointers in layering code.
  • [Linux only] [76542] High CVE-2011-1444: Race condition in sandbox launcher.
  • [76646] Medium CVE-2011-1445: Out-of-bounds read in SVG.
  • [76666] [77507] [78031] High CVE-2011-1446: Possible URL bar spoofs with navigation errors and interrupted loads.
  • [76966] High CVE-2011-1447: Stale pointer in drop-down list handling.
  • [77130] High CVE-2011-1448: Stale pointer in height calculations.
  • [77346] High CVE-2011-1449: Use-after-free in WebSockets.
  • [77349] Low CVE-2011-1450: Dangling pointers in file dialogs.
  • [77463] High CVE-2011-1451: Dangling pointers in DOM id map.
  • [77786] Medium CVE-2011-1452: URL bar spoof with redirect and manual reload.
  • [79199] High CVE-2011-1454: Use-after-free in DOM id handling.
  • [79361] Medium CVE-2011-1455: Out-of-bounds read with multipart-encoded PDF.
  • [79364] High CVE-2011-1456: Stale pointers with PDF forms.

Google has paid security researchers a total of $16,500 for the discovery of security issues in the web browser.

Google Chrome 11 includes a new speech input through HTMl feature which can be used by websites to use a web user's speed input. Google Translate is one of the first services to include a listen option. Speech input requires a microphone connected to the computer.

The Google Chrome update is available directly from within the browser. You can check for the update with a click on the wrench icon in the address bar and the selection of About Google Chrome in the menu.

You find further instructions at our How To Upgrade, Downgrade Google Chrome guide.





  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:

    Comments

    1. AnonCoward said on April 28, 2011 at 2:00 am
      Reply

      “This is a landmark considering that the stable branch of the browser is now sharing the “highest-browser-version-crown” with Opera Software’s Opera browser.”

      Whoop-dee-doo. This browser version race is just absurd. MS released IE9 not too long ago, version 10 is already in the works. Mozilla’s planning to release version 5, 6 and 7 by the end of the year, because, obviously, the bigger the number, the better / more advanced the browser’s got to be. /facedesk

    2. Jyo said on April 28, 2011 at 3:43 am
      Reply

      Silly rabbit, that’s just like judging a book by its cover : o

    3. PCMartin said on April 28, 2011 at 11:47 am
      Reply

      [Nigel Tufnel:] In Opera and Chrome, the version number is at 11. Look, it’s right here in “About”: 11 and 11.

      [Marty DiBergi:] Oh, I see. And other browsers aren’t at 11?

      [Nigel Tufnel:] Exactly.

      [Marty DiBergi:] Does that mean Opera and Chrome are better? Are they any better?

      [Nigel Tufnel:] Well, it’s a higher version number, isn’t it? It’s not a 4 or a 9. You see, most blokes, you know, will be browsing on version 4 or 9. You’re on 9 here, all the way up, all the way up, all the way up, you’re on version 9 in your browser. Where can you go from there? Where?

      [Marty DiBergi:] I don’t know.

      [Nigel Tufnel:] Nowhere. Exactly. What we do is, if we need that extra push over the cliff, you know what we do?

      [Marty DiBergi:] Switch to a version 11 browser.

      [Nigel Tufnel:] Version 11. Exactly. Two versions better.

      [Marty DiBergi:] Why don’t you just put the same improvements in version 4 or 9 of the other browsers and let those be the version numbers and make those versions better?

      [Nigel Tufnel:] [pause] These ones are at eleven.

    4. bangobang said on April 28, 2011 at 7:03 pm
      Reply

      Google Chrome 11 Squashed Bugs, Adds HTML Speech, New Logo free Download

    5. Spouza said on April 29, 2011 at 4:05 am
      Reply

      Yes, indeed. SEVERAL (four) security vulnerabilities are Linux/Mac only. Fear not, all the remaining twenty-one, plus many more in other apps, readily available for Windows users. Or should we say, users of the “Windows Operating System”, as herr Brinkman likes to put it.

      Oh, ghacks. Good old Microsofts versklavt bundesrepublik of ghacks. How I missed your biased, broken-english posts.

    Leave a Reply