Security Fixes for Chrome 27

Wednesday, June 5, 2013 @ 03:06 PM gHale

Google issued a security update for its Chrome browser and Chrome Frame platform.

The update fixes one security vulnerability rated as critical, nine rated as high and one rated as medium. There was also a rollup set of fixes included as a high severity flaw contained bugs found through auditing, fuzzing and other in-house security processes.

Google Fixes Holes in Chrome 27
Critical Holes Fixed in Firefox
IE 10 Tops at Malware Blocking
Mozilla Brings Infringement Suit

The critical hole, memory corruption in SSL socket handling, and one of the high rated holes, didn’t result in any bounty paid, but the remaining eight high and medium severity holes saw nearly $10,000 paid out.

One high severity flaw, a use-after-free problem with workers access database APIs, earned $1,337, an amount that typically identifies an interesting problem identified, but this was not the largest bounty paid. That went to a Windows-only problem where bad handles passed to the renderer and earned the discoverer, Colin Payne, $2,000.

Existing installations of Chrome on Windows, Mac OS X and Linux should update automatically. Other users can download the browser or the Chrome Frame IE plug-in from Google.

Leave a Reply

You must be logged in to post a comment.