Chrome Security Fix Ready

Friday, May 25, 2012 @ 01:05 PM gHale


In a “pure security update,” Google revised its stable version of Chrome, which brings the browser version to 19.0.1084.52 on Windows, Mac OS X and Linux.

The security update does not include any new features, it just closes nine vulnerabilities with a Common Vulnerability Scoring System (CVSS) rating of “High” and fixes two problems labeled “Critical” as well as two “Medium” level issues.

RELATED STORIES
Yahoo! Security Key Leaked
Chrome 19 Boosts Security
Apple Shuts More OS X, Safari Flaws
Skype for Linux Security Fix

A majority of the vulnerabilities are because of bugs in Chrome’s memory handling, such as out-of-bounds reads and use-after-free conditions, and Google said they found several of them with their AddressSanitizer tool. Other bugs ended up fixed in Chrome’s PDF handling code and its V8 JavaScript rendering engine.

Google did not release further details about the vulnerabilities so it will give time for the updates to roll out to all affected users.

Google said it paid out its signature amount of $1337 to a researcher who reported one of the critical vulnerabilities. Three $1000 bounties and one of $500 also went out to three other individuals as part of Google’s bounty program for Chrome security vulnerabilities.



Leave a Reply

You must be logged in to post a comment.