Chrome 14 Closes Security Holes

Thursday, October 6, 2011 @ 04:10 PM gHale


Google released version 14.0.835.202 of Chrome, a maintenance and security update for all supported platforms.

This stable channel update includes the new Flash Player 11 release and addresses nine vulnerabilities.

RELATED STORIES
Chrome Update Repairs Microsoft Alert
Data Theft: Chrome Vulnerable
Firefox Patches 11 Security Bugs
Browsers Buttress for BEAST Battle

Rated “critical” by Google, the company was able to fix a memory corruption problem in the shader translator. Other holes closed include eight “high-risk” bugs ranging from a use-after-free error in text line box handling and stale fonts in text handling, to a cross-origin problem, lifetime and threading issues in audio node handling, and use-after-free and memory corruption exploits in V8, the browser’s JavaScript engine.

Google’s fix for the SSL/TLS vulnerability has yet to make it from the development version to the stable branch.

As part of its Chromium Security Reward program, Google paid out $10,000 to security researchers for reporting these vulnerabilities. The company is withholding further details of the vulnerabilities until “a majority of users are up-to-date with the fix”.

Further details about the update, including a link to the full SVN revision log, are on the Google Chrome Releases blog.

Chrome 14.0.835.202 is available to download for Windows, Mac OS X and Linux from google.com/chrome. Users who currently have Chrome installed can use the built-in update function by clicking Tools, selecting About Google Chrome and clicking the Update button.



Leave a Reply

You must be logged in to post a comment.