Chrome Updated, 7 Holes Filled

Thursday, March 13, 2014 @ 07:03 PM gHale


Google updated the stable channel of its web browser to address seven security holes, which means Chrome 33.0.1750.149 is available for download.

Of the 7 vulnerabilities, three stand out. CVE-2014-1700 is a use-after-free issue in speech identified by Chamal de Silva. The researcher earned $4,000 for his findings.

RELATED STORIES
Google Fixes Chrome Security Holes
Adobe Patches Shockwave
IE Leads Patch Tuesday Fixes
Exploit for Patched Flash Bug

The second flaw, CVE-2014-1701, reported by aidanhs, is an UXSS vulnerability, which brought in $3,000.

Collin Payne earned $1,000 for finding a use-after-free in the web database (CVE-2014-1702).
All those vulnerabilities ended up labeled as being high risk.

Google’s internal security team has also contributed to making Chrome more secure. They’ve identified a potential sandbox escape caused by a use-after-free in web sockets (CVE-2014-1703), and various vulnerabilities in V8 (CVE-2014-1704).

Users should update their browser soon as possible to secure their computers against cyberattacks that might leverage these flaws. The latest version of Chrome contains a Flash Player update to version 12.0.0.77.



Leave a Reply

You must be logged in to post a comment.