Chrome 20 Fixes High Risk Holes

Friday, July 13, 2012 @ 03:07 PM gHale


There is a new update to the stable 20.x branch of Chrome to close a number of security holes in the WebKit-based web browser, Google officials said.

While it may not seem like quite a few, but version 20.0.1132.57 of Chrome addresses three vulnerabilities, but the company rates them all in the “high severity” category.

RELATED STORIES
Chrome Beta brings Security Alerts
New Tool Shows Security Strength
Internet Facing Control System Alert
Utilities Under Daily Attack

These include two use-after-free errors in counter handling and in layout height tracking discovered by a security researcher by the name of “miaubiz.”

As part of its Chromium Security Vulnerability Rewards program, Google paid the researcher, who is number three in the company’s Security Hall of Fame, $1,000 for discovering and reporting each of the holes.

The company also fixed a third high-risk problem related to object access with JavaScript in PDFs. As usual, the company withheld further details about the vulnerabilities until “a majority of users are up-to-date with the fix.” Other changes include stability improvements, and updates to the V8 JavaScript engine and the built-in Flash player plug-in.

Google also updated the Stable Channel of its ChromeOS operating system, currently available only on Samsung and Acer’s Chromebook notebooks, to version 20, just over two weeks after Google released the Chrome 20 browser June 26. ChromeOS 20.0.1322.54, based on the open source Chromium OS project, includes the security and stability improvements from Chrome, while also adding support for Google Drive, using Google Docs offline and other enhancements.

Chrome 20.0.1132.57 is available to download for Windows, Mac OS X and Linux from google.com/chrome; existing users can upgrade via the built-in update function. Chrome comes from Chromium, the open source browser project run by Google.



Leave a Reply

You must be logged in to post a comment.