A potentially damaging vulnerability to Google’s Chrome browser has been discovered and fixed in an update, the search giant reported. The fix was released just days after Google (NASDAQ: GOOG) had already issued what it called the first stable Chrome 10 release last week.
Google said the CVE-2011-1290 vulnerability is a high impact memory corruption in style handling flaw. The update, Chrome 10.0.648.133, fixes just one flaw, on Windows, Mac, Linux and Chrome Frame for IE. The flaw is known as CVE-2011-1290 and was first reported by HP TippingPoint’s Zero Day Initiative, by way a team of researchers at the 2011 Pwn2own event.
Chrome, Safari and Blackberry all use the WebKit rendering engineering as an underlying technology on their respective platforms. Safari and Blackberry will both need to update their respective platforms to fix CVE-2011-1290 as well.
Last week, Apple (NASDAQ: APPL) issued a massive Safari update for at least 54 WebKit related flaws to help defend against Pwn2own attacks. The Apple Safari 5.0.4 update however wasn’t enough to prevent a team of researchers from VUPEN Security from exploiting the browser.
eSecurity Planet details the Chrome update and how fixing the vulnerability tied back to a $20,000 reward Google offered as part of Pwn2own security event.
