Security Fixes Rule in Chrome 22

Thursday, September 27, 2012 @ 04:09 PM gHale


The latest Chrome release, version 22, brings only a few enhancements but closes more than 40 security holes.

Of the more than 40 security holes closed in Chrome 22, one is critical and 19 are rated “high severity” by the company.

Google sometimes pays out special rewards for bugs found outside of Chrome: In this case, the company rewarded Eetu Luodemaa and Joni Vähämäki from Finnish software firm Documill with $5,000 for a critical Windows kernel memory corruption vulnerability. Well-known security expert Sergey Glazunov, who won this year’s Pwnie Award for the Best Client-Side Bug, received $15,000 in total for two UXSS vulnerabilities in frame handling and V8 JavaScript bindings.

Other problems corrected include use-after-free issues in onclick handling and SVG text references, out-of-bounds writes in the Skia graphics library, a buffer overflow in SSE2 optimizations, an integer overflow in WebGL on Mac systems, and 18 separate issues in the PDF viewer.

In all, Google paid out a record $29,500 to security researchers for discovering and reporting these holes as part of its Chromium Security Vulnerability Rewards program; the previous record was $26,511 for holes closed in Chrome 15 from October last year.

As is usual with these fixes, further details about the underlying security holes are being withheld to give users time to update to the new version. The developers also note that the Beta channel has been updated to version 22.0.1229.79; Chrome 23, which is currently in the Dev channel, should go to Beta status in the coming weeks.

Among the non-security changes are further enhancements to Chrome’s support for the Windows 8 operating system, and better support for HiDPI screens such as Apple’s MacBook Pro Retina display.

For developers, Chrome 22 introduced support for the Pointer Lock API. Sometimes referred to as Mouse Lock, this API enables developers to create web applications that better control how to use the mouse and how it interacts with the browser itself. This can be especially useful for web-based 3D games such as first-person shooters to prevent the mouse from moving outside of the current window or hitting the edge of the screen when controlling the perspective.

Further information about the release, including a full list of security fixes, is in a post on the Google Chrome Releases blog. Users can download Chrome 22.0.1229.79 from google.com/chrome for Windows, Mac OS X and Linux, while existing users can upgrade using the built-in update function. Chrome comes from Chromium, the open source browser project run by Google.
