Chrome 30 has 50 Security Fixes

Wednesday, October 2, 2013 @ 04:10 PM gHale


With the Chrome 30 release, Google fixed 50 security issues.

The list of vulnerabilities reported by external researchers includes ten high-impact and six medium-impact flaws.

RELATED STORIES
Mozilla Ships a More Secure Firefox 24
Patched Safari Bug under Attack
Text String Takes Bite Out of Apple
Still a Hack, but Wrong Person

The high-impact issues refer to use-after-free vulnerabilities in inline-block rendering, in PPAPI, in XML document parsing, in DOM, in resource loader, in the Windows color chooser dialog, and in template element. A memory corruption in V8 and an address bar spoofing bug related to the “204 No Content” status code also fall into this category.

The medium-impact vulnerabilities include a use-after-free in Web Audio, an out of bounds read in the same component, and an out of bounds read in URL parsing.

The security researchers credited for finding vulnerabilities are Atte Kettunen of OUSPG, Boris Zbarsky, Chamal de Silva, Byoungyoung Lee, and Tielei Wang of Georgia Tech, cloudfuzzer, Khalil Zhani, Wander Groeneveld, Masato Kinugawa, Adam Haile of Concrete Data, and Jon Butler.

They earned a total of $19,000 for their work.

Atte Kettunen, cloudfuzzer, and miaubiz earned an additional $8,000 for working with Google on addressing security issues during the development cycle.

Click here for a list of the vulnerabilities.



Leave a Reply

You must be logged in to post a comment.