Google rolled out a new stable variant of the popular web browser not only to address a Flash issue, but also to patch up a number of security holes that could have exposed users to malicious operations.
A total of $5,000 (3,750 EUR) was awarded to the researchers who identified the high-risk vulnerabilities that were fixed in Chrome Stable 17.0.963.83. The flaws included use-after-free issues in first-letter handling, CSS cross-fade handling, and block splitting.
Ben Vanik from Google discovered a memory corruption in WebGL canvas handling and the Pwn2Own star Sergey Glazunov found a cross-origin violation in “magic frame”.
Christian Holler, the researcher that uncovered a medium severity invalid read in v8 vulnerability was rewarded with $500 (375 EUR) by the search engine giant.
The low severity security holes were fixed by applying additional isolations to webui privileges and by prompting in the browser’s native UI for unpacked extension installations. These two issues were credited to PinkiePie and Sergey Glazunov.
Note. My Twitter account has been erroneously suspended. While this is sorted out, you can contact me via my author profile.
Google Chrome is available for download here