Google Updates Chrome 13 for 11 Flaws

Google is out with the latest security patch update for its Chrome Web browser. Chrome stable 13.0.782.215 fixes at least 11 security flaws across Windows, Mac and Linux versions of the browser.

Among the 11 flaws is one that Google has rated as being Critical, which is a rarely given classification by Google. The critical flaw is officially titled, “Memory corruption in vertex handling”. A vertex is a type of graphical shape that Chrome is able to render. The vertex flaw only affects Windows versions of Chrome.

The vertex handling flaw was discovered by security researcher Michael Braithwaite of Turbulenz Limited. For his efforts, Google is awarding Braithwaite $1,337 as a Chromium Security Award. The security award program started back in 2010 with the Chrome release.

The $1,337 award is actually the second highest award that Google gives to security researchers. There is also the ‘elite’ flaw for which Google will pay $3,133.70.

In total for the Chrome 13.0.782.215 release, Google is paying securing researchers $8,837 in security awards. In addition to the critical flaw fixed in Chrome 13.0.782.215, there are also nine flaws that Google has rated as being high impact.

Five of the high impact flaws are use-after-free issues where memory is improperly retained after a process is completed. The used memory can then be leveraged by an attacker to potentially inject malicious code. Use-after-free issues were found in line box handling, counter nodes, custom fonts, libxml XPath handling and text searching. The other high impact flaws include an out-of-bounds write in Chrome’s v8 JavaScript engine. There is also a high impact integer overflow issue in uniform arrays.

For Chrome’s Linux users there is also a high impact flaw in the integrated PDF reader. Google identifies the flaw as a buggy memset() function. The memset function initializes a block of memory for use.

While Google is patching Chrome 13, development on Chrome 14 and 15 continues to move forward. Chrome 14 will include Google’s implementation for running native code on the browser.

Sean Michael Kerner is a senior editor at, the news service of, the network for technology professionals.

Sean Michael Kerner
Sean Michael Kerner
Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

Top Products

Related articles